iv-org
/
invidious
mirror of https://gitea.invidious.io/iv-org/invidious
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HTML escape video mimetype 

Video mimetype may contain code information between double quotes.
If not properly escaped, it breaks the browser's parser. E.g:
```
type="video/mp4; codecs=" avc1.64001f,="" mp4a.40.2""=""
```

Thank Robin for catching this!
This commit is contained in:
Samantaz Fox 2021-09-13 18:20:11 +02:00 committed by GitHub
parent 50c8afb525
commit 947fe4fbb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/invidious/views/components/player.ecr
View File

@ -23,7 +23,7 @@
src_url += "&local=true" if params.local
quality = fmt["quality"]
mimetype = fmt["mimeType"]
mimetype = HTML.escape(fmt["mimeType"].as_s)
selected = params.quality ? (params.quality == quality) : (i == 0)
%>