HTML escape username

pull/3205/head
Émilien Devos 2 years ago committed by GitHub
parent 0ed22c0be0
commit 6c4ed282bb

@ -68,7 +68,7 @@
</div> </div>
<% if env.get("preferences").as(Preferences).show_nick %> <% if env.get("preferences").as(Preferences).show_nick %>
<div class="pure-u-1-4"> <div class="pure-u-1-4">
<span id="user_name"><%= env.get("user").as(Invidious::User).email %></span> <span id="user_name"><%= HTML.escape(env.get("user").as(Invidious::User).email) %></span>
</div> </div>
<% end %> <% end %>
<div class="pure-u-1-4"> <div class="pure-u-1-4">

Loading…
Cancel
Save