Escape video titles in download widget

author: Omar Roth <omarroth@hotmail.com> 2019-02-25 17:54:55 -0600
committer: Omar Roth <omarroth@hotmail.com> 2019-02-25 17:54:55 -0600
commit: 7a7049b25bc151cda8ea464f5db5950ccb3618cc (patch)
tree: 9518cad06402cba5a0ebfbb89384067215643c12 /src
parent: 62ff9605ce431ebe5d402842b0866fff41381b6a (diff)
download: invidious-7a7049b25bc151cda8ea464f5db5950ccb3618cc.tar.gz
invidious-7a7049b25bc151cda8ea464f5db5950ccb3618cc.tar.bz2
invidious-7a7049b25bc151cda8ea464f5db5950ccb3618cc.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/invidious/views/watch.ecr b/src/invidious/views/watch.ecr
index 3949245d..8f52d2d2 100644
--- a/src/invidious/views/watch.ecr
+++ b/src/invidious/views/watch.ecr
@@ -59,17 +59,17 @@
                     <label for="download_widget"><%= translate(locale, "Download as: ") %></label>
                     <select style="width:100%" name="download_widget" id="download_widget">
                     <% video_streams.each do |option| %>
-                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= video.title.dump_unquoted %>-<%= video.id %>.mp4"}'>
+                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
                             <%= option["quality_label"] %> - <%= option["type"].split(";")[0] %> @ <%= option["fps"] %>fps - video only
                         </option>
                     <% end %>
                     <% audio_streams.each do |option| %>
-                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= video.title.dump_unquoted %>-<%= video.id %>.mp4"}'>
+                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
                             <%= option["type"].split(";")[0] %> @ <%= option["bitrate"] %>k - audio only
                         </option>
                     <% end %>
                     <% fmt_stream.each do |option| %>
-                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= video.title.dump_unquoted %>-<%= video.id %>.mp4"}'>
+                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
                             <%= itag_to_metadata?(option["itag"]).try &.["height"]? || "~240" %>p - <%= option["type"].split(";")[0] %>
                         </option>
                     <% end %>
author	Omar Roth <omarroth@hotmail.com>	2019-02-25 17:54:55 -0600
committer	Omar Roth <omarroth@hotmail.com>	2019-02-25 17:54:55 -0600
commit	7a7049b25bc151cda8ea464f5db5950ccb3618cc (patch)
tree	9518cad06402cba5a0ebfbb89384067215643c12 /src
parent	62ff9605ce431ebe5d402842b0866fff41381b6a (diff)
download	invidious-7a7049b25bc151cda8ea464f5db5950ccb3618cc.tar.gz invidious-7a7049b25bc151cda8ea464f5db5950ccb3618cc.tar.bz2 invidious-7a7049b25bc151cda8ea464f5db5950ccb3618cc.zip