HTML escape title on watch and embed pages

pull/66/head
Omar Roth 6 years ago
parent 01d23c6191
commit 25bf44d7ad

@ -14,7 +14,7 @@
<script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script> <script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script>
<script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script> <script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script>
<script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script> <script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script>
<title><%= video.title %> - Invidious</title> <title><%= HTML.escape(video.title) %> - Invidious</title>
</head> </head>
<body> <body>
@ -82,7 +82,7 @@ var shareOptions = {
socials: ["fb", "tw", "reddit", "mail"], socials: ["fb", "tw", "reddit", "mail"],
url: "<%= host_url %>/<%= video.id %>?<%= host_params %>", url: "<%= host_url %>/<%= video.id %>?<%= host_params %>",
title: "<%= video.title %>", title: "<%= HTML.escape(video.title) %>",
description: "<%= description %>", description: "<%= description %>",
image: '<%= thumbnail %>', image: '<%= thumbnail %>',
embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360' embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360'

@ -4,7 +4,7 @@
<meta name="keywords" content="<%= video.info["keywords"] %>"> <meta name="keywords" content="<%= video.info["keywords"] %>">
<meta property="og:site_name" content="Invidious"> <meta property="og:site_name" content="Invidious">
<meta property="og:url" content="<%= host_url %>/watch?v=<%= video.id %>"> <meta property="og:url" content="<%= host_url %>/watch?v=<%= video.id %>">
<meta property="og:title" content="<%= video.title %>"> <meta property="og:title" content="<%= HTML.escape(video.title) %>">
<meta property="og:image" content="https://i.ytimg.com/vi/<%= video.id %>/hqdefault.jpg"> <meta property="og:image" content="https://i.ytimg.com/vi/<%= video.id %>/hqdefault.jpg">
<meta property="og:description" content="<%= description %>"> <meta property="og:description" content="<%= description %>">
<meta property="og:type" content="video.other"> <meta property="og:type" content="video.other">
@ -16,7 +16,7 @@
<meta name="twitter:card" content="player"> <meta name="twitter:card" content="player">
<meta name="twitter:site" content="@omarroth"> <meta name="twitter:site" content="@omarroth">
<meta name="twitter:url" content="<%= host_url %>/watch?v=<%= video.id %>"> <meta name="twitter:url" content="<%= host_url %>/watch?v=<%= video.id %>">
<meta name="twitter:title" content="<%= video.title %>"> <meta name="twitter:title" content="<%= HTML.escape(video.title) %>">
<meta name="twitter:description" content="<%= description %>"> <meta name="twitter:description" content="<%= description %>">
<meta name="twitter:image" content="https://i.ytimg.com/vi/<%= video.id %>/maxresdefault.jpg"> <meta name="twitter:image" content="https://i.ytimg.com/vi/<%= video.id %>/maxresdefault.jpg">
<meta name="twitter:player" content="<%= host_url %>/embed/<%= video.id %>"> <meta name="twitter:player" content="<%= host_url %>/embed/<%= video.id %>">
@ -31,7 +31,7 @@
<script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script> <script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script>
<script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script> <script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script>
<script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script> <script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script>
<title><%= video.title %> - Invidious</title> <title><%= HTML.escape(video.title) %> - Invidious</title>
<% end %> <% end %>
<% if hlsvp %> <% if hlsvp %>
@ -92,7 +92,7 @@ var shareOptions = {
socials: ["fb", "tw", "reddit", "mail"], socials: ["fb", "tw", "reddit", "mail"],
url: "<%= host_url %>/<%= video.id %>?<%= host_params %>", url: "<%= host_url %>/<%= video.id %>?<%= host_params %>",
title: "<%= video.title %>", title: "<%= HTML.escape(video.title) %>",
description: "<%= description %>", description: "<%= description %>",
image: '<%= thumbnail %>', image: '<%= thumbnail %>',
embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360' embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360'
@ -312,7 +312,7 @@ get_youtube_comments();
<div class="h-box"> <div class="h-box">
<h1> <h1>
<%= video.title %> <%= HTML.escape(video.title) %>
<% if listen %> <% if listen %>
<a href="/watch?<%= env.params.query %>"> <a href="/watch?<%= env.params.query %>">
<i class="icon ion-ios-videocam" aria-hidden="true"></i> <i class="icon ion-ios-videocam" aria-hidden="true"></i>

Loading…
Cancel
Save