mirrors/nadeko_invidious
1
0
Fork 0
mirror of https://git.nadeko.net/Fijxu/invidious.git synced 2026-02-14 20:46:24 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix XSS in title and input bar

Browse Source
This commit is contained in:
Omar Roth
2018-11-08 17:27:21 -06:00
parent 1ea563f4f1
commit 28f564ee4c
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/invidious/views/search.ecr
View File

@@ -1,5 +1,5 @@
<% content_for "header" do %>
<title><%= search_query.not_nil!.size > 30 ? query.not_nil![0,30].rstrip(".") + "..." : query.not_nil! %> - Invidious</title>
<title><%= search_query.not_nil!.size > 30 ? HTML.escape(query.not_nil![0,30].rstrip(".") + "...") : HTML.escape(query.not_nil!) %> - Invidious</title>
<% end %>
<% videos.each_slice(4) do |slice| %>