Change <input value="..."> encoding to HTML.escape

mastihios
2021-10-11 20:35:07 +00:00
committed by Samantaz Fox
parent 0ca333715b
commit cb0f7bf6b0
13 changed files with 17 additions and 17 deletions


@@ -41,7 +41,7 @@
<div class="h-box">
<textarea maxlength="5000" name="description" style="margin-top:10px;max-width:100%;height:20vh" class="pure-input-1"><%= playlist.description %></textarea>
</div>
<input type="hidden" name="csrf_token" value="<%= URI.encode_www_form(csrf_token) %>">
<input type="hidden" name="csrf_token" value="<%= HTML.escape(csrf_token) %>">
</form>
<% if playlist.is_a?(InvidiousPlaylist) && playlist.author == user.try &.email %>