From 01acf7943650b3a4cefe75e9aab5f2aab7cfab32 Mon Sep 17 00:00:00 2001
From: Kavin <20838718+FireMasterK@users.noreply.github.com>
Date: Sat, 31 Dec 2022 20:05:32 +0000
Subject: [PATCH] Fix for potential XSS attacks.
---
 .../extractor/services/youtube/YoutubeParsingHelper.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/extractor/src/main/java/org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java b/extractor/src/main/java/org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java
index e65361c8..ba0e2f2e 100644
--- a/extractor/src/main/java/org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java
+++ b/extractor/src/main/java/org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java
@@ -33,7 +33,7 @@ import com.grack.nanojson.JsonObject;
 import com.grack.nanojson.JsonParser;
 import com.grack.nanojson.JsonParserException;
 import com.grack.nanojson.JsonWriter;
-
+import org.jsoup.nodes.Entities;
 import org.schabi.newpipe.extractor.MetaInfo;
 import org.schabi.newpipe.extractor.downloader.Response;
 import org.schabi.newpipe.extractor.exceptions.AccountTerminatedException;
@@ -967,7 +967,7 @@ public final class YoutubeParsingHelper {
 textBuilder.append("");
 }
- textBuilder.append(text);
+ textBuilder.append(Entities.escape(text));
 if (strikethrough) {
 textBuilder.append("");
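Review bot: At `textBuilder.append(Entities.escape(text));` the escape covers only whatever `text` holds when it is appended, and the hunk shows neither where `text` comes from nor whether this append is reached only for HTML output; the enclosing method starts and ends outside the hunk. If earlier code in the method ever builds markup into `text` (not visible here), this call would escape that markup too, while any value placed into an attribute upstream would still be unescaped, so escaping each untrusted value where it is read would be safer. It is also worth confirming how the jsoup version in use treats a null `text`, since `StringBuilder.append` tolerated null before. I would add `// text is remote-supplied; escape before emitting as HTML` above the line and a regression test whose run text contains `<` and `&`.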