helix
/
invidious
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HTML escape user input

Browse Source
pull/2821/head
matthewmcgarvey 3 years ago
parent 56e505164d
commit 574e35a720
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/invidious/routes/search.cr
Unescape Escape View File

@ -56,7 +56,7 @@ module Invidious::Routes::Search
begin begin
search_query, count, videos, operators = process_search_query(query, page, user, region: region) search_query, count, videos, operators = process_search_query(query, page, user, region: region)
rescue ex : ChannelSearchException rescue ex : ChannelSearchException
return error_template(404, "Unable to find channel with id of '#{ex.channel}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.") return error_template(404, "Unable to find channel with id of '#{HTML.escape(ex.channel)}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.")
rescue ex rescue ex
return error_template(500, ex) return error_template(500, ex)
end end

Write Preview
Loading…
Cancel
Save