helix
/
invidious
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HTML escape video mimetype

Browse Source 
Video mimetype may contain code information between double quotes.
If not properly escaped, it breaks the browser's parser. E.g:
```
type="video/mp4; codecs=" avc1.64001f,="" mp4a.40.2""=""
```

Thank Robin for catching this!
pull/2406/head
Samantaz Fox 3 years ago committed by GitHub
parent 50c8afb525
commit 947fe4fbb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/invidious/views/components/player.ecr
Unescape Escape View File

@ -23,7 +23,7 @@
src_url += "&local=true" if params.local src_url += "&local=true" if params.local
quality = fmt["quality"] quality = fmt["quality"]
mimetype = fmt["mimeType"] mimetype = HTML.escape(fmt["mimeType"].as_s)
selected = params.quality ? (params.quality == quality) : (i == 0) selected = params.quality ? (params.quality == quality) : (i == 0)
%> %>

Write Preview
Loading…
Cancel
Save