diff options
| -rw-r--r-- | src/invidious/views/clear_watch_history.ecr | 2 | ||||
| -rw-r--r-- | src/invidious/views/data_control.ecr | 2 | ||||
| -rw-r--r-- | src/invidious/views/delete_account.ecr | 2 | ||||
| -rw-r--r-- | src/invidious/views/preferences.ecr | 2 | ||||
| -rw-r--r-- | src/invidious/views/subscription_manager.ecr | 2 | ||||
| -rw-r--r-- | src/invidious/views/token_manager.ecr | 2 |
6 files changed, 6 insertions, 6 deletions
diff --git a/src/invidious/views/clear_watch_history.ecr b/src/invidious/views/clear_watch_history.ecr index ea6eb1fc..2bb9884c 100644 --- a/src/invidious/views/clear_watch_history.ecr +++ b/src/invidious/views/clear_watch_history.ecr @@ -13,7 +13,7 @@ </button> </div> <div class="pure-u-1-2"> - <a class="pure-button" href="<%= referer %>"> + <a class="pure-button" href="<%= URI.escape(referer) %>"> <%= translate(locale, "No") %> </a> </div> diff --git a/src/invidious/views/data_control.ecr b/src/invidious/views/data_control.ecr index 6ab3e57e..463d5fd4 100644 --- a/src/invidious/views/data_control.ecr +++ b/src/invidious/views/data_control.ecr @@ -3,7 +3,7 @@ <% end %> <div class="h-box"> - <form class="pure-form pure-form-aligned" enctype="multipart/form-data" action="/data_control?referer=<%= referer %>" method="post"> + <form class="pure-form pure-form-aligned" enctype="multipart/form-data" action="/data_control?referer=<%= URI.escape(referer) %>" method="post"> <fieldset> <legend><%= translate(locale, "Import") %></legend> diff --git a/src/invidious/views/delete_account.ecr b/src/invidious/views/delete_account.ecr index 7cfb9bfa..0fa1e77c 100644 --- a/src/invidious/views/delete_account.ecr +++ b/src/invidious/views/delete_account.ecr @@ -13,7 +13,7 @@ </button> </div> <div class="pure-u-1-2"> - <a class="pure-button" href="<%= referer %>"> + <a class="pure-button" href="<%= URI.escape(referer) %>"> <%= translate(locale, "No") %> </a> </div> diff --git a/src/invidious/views/preferences.ecr b/src/invidious/views/preferences.ecr index 12513a64..d0747b59 100644 --- a/src/invidious/views/preferences.ecr +++ b/src/invidious/views/preferences.ecr @@ -9,7 +9,7 @@ function update_value(element) { </script> <div class="h-box"> - <form class="pure-form pure-form-aligned" action="/preferences?referer=<%= referer %>" method="post"> + <form class="pure-form pure-form-aligned" action="/preferences?referer=<%= URI.escape(referer) %>" method="post"> <fieldset> <legend><%= translate(locale, "Player preferences") %></legend> diff --git a/src/invidious/views/subscription_manager.ecr b/src/invidious/views/subscription_manager.ecr index 6e015738..fe866bd0 100644 --- a/src/invidious/views/subscription_manager.ecr +++ b/src/invidious/views/subscription_manager.ecr @@ -19,7 +19,7 @@ </div> <div class="pure-u-1-3" style="text-align:right"> <h3> - <a href="/data_control?referer=<%= referer %>"> + <a href="/data_control?referer=<%= URI.escape(referer) %>"> <%= translate(locale, "Import/export") %> </a> </h3> diff --git a/src/invidious/views/token_manager.ecr b/src/invidious/views/token_manager.ecr index 713873dc..c5cfd7ff 100644 --- a/src/invidious/views/token_manager.ecr +++ b/src/invidious/views/token_manager.ecr @@ -11,7 +11,7 @@ <div class="pure-u-1-3"></div> <div class="pure-u-1-3" style="text-align:right"> <h3> - <a href="/preferences?referer=<%= referer %>"><%= translate(locale, "Preferences") %></a> + <a href="/preferences?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Preferences") %></a> </h3> </div> </div> |