HTML escape user input

This commit is contained in:
matthewmcgarvey 2022-01-19 09:01:13 -06:00
parent 56e505164d
commit 574e35a720

View file

@ -56,7 +56,7 @@ module Invidious::Routes::Search
begin begin
search_query, count, videos, operators = process_search_query(query, page, user, region: region) search_query, count, videos, operators = process_search_query(query, page, user, region: region)
rescue ex : ChannelSearchException rescue ex : ChannelSearchException
return error_template(404, "Unable to find channel with id of '#{ex.channel}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.") return error_template(404, "Unable to find channel with id of '#{HTML.escape(ex.channel)}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.")
rescue ex rescue ex
return error_template(500, ex) return error_template(500, ex)
end end