Migrate to a good Content Security Policy (#1023)

So that attacks such as XSS (see [0]) are no longer an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
leonklingele
2020-03-16 06:46:08 +09:00
committed by GitHub
parent f92027c44b
commit 70cbe91776
29 changed files with 274 additions and 175 deletions


@@ -71,14 +71,14 @@
</div>
<% end %>
<script>
var community_data = {
ucid: '<%= channel.ucid %>',
youtube_comments_text: '<%= HTML.escape(translate(locale, "View YouTube comments")) %>',
comments_text: '<%= HTML.escape(translate(locale, "View `x` comments", "{commentCount}")) %>',
hide_replies_text: '<%= HTML.escape(translate(locale, "Hide replies")) %>',
show_replies_text: '<%= HTML.escape(translate(locale, "Show replies")) %>',
preferences: <%= env.get("preferences").as(Preferences).to_json %>,
<script id="community_data" type="application/json">
{
"ucid": "<%= channel.ucid %>",
"youtube_comments_text": "<%= HTML.escape(translate(locale, "View YouTube comments")) %>",
"comments_text": "<%= HTML.escape(translate(locale, "View `x` comments", "{commentCount}")) %>",
"hide_replies_text": "<%= HTML.escape(translate(locale, "Hide replies")) %>",
"show_replies_text": "<%= HTML.escape(translate(locale, "Show replies")) %>",
"preferences": <%= env.get("preferences").as(Preferences).to_json %>
}
</script>
<script src="/js/community.js?v=<%= ASSET_COMMIT %>"></script>
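Review bot: In the new `community_data` block the values are not encoded for JSON: `"ucid": "<%= channel.ucid %>"` is interpolated raw, and the translated strings rely on `HTML.escape`, which targets HTML metacharacters and would leave a backslash or line break in a translation to break parsing. The `"preferences"` line is emitted unescaped into a script element, so a `</script>` or `<!--` sequence inside any string field would end or derail the element before the JSON closes; whether a Preferences field can hold such text is not visible in this hunk. I would serialise each value instead of quoting it by hand, e.g. `"ucid": <%= channel.ucid.to_json %>,`, and rewrite `<` as `\u003c` in the serialised output before it is written into the page. How `/js/community.js` consumes the strings is outside this hunk, so check whether it depends on the entity-escaped form before changing the translated entries.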