Escape video titles in download widget

This commit is contained in:
Omar Roth 2019-02-25 17:54:55 -06:00
parent 62ff9605ce
commit 7a7049b25b

View file

@ -59,17 +59,17 @@
<label for="download_widget"><%= translate(locale, "Download as: ") %></label> <label for="download_widget"><%= translate(locale, "Download as: ") %></label>
<select style="width:100%" name="download_widget" id="download_widget"> <select style="width:100%" name="download_widget" id="download_widget">
<% video_streams.each do |option| %> <% video_streams.each do |option| %>
<option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= video.title.dump_unquoted %>-<%= video.id %>.mp4"}'> <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
<%= option["quality_label"] %> - <%= option["type"].split(";")[0] %> @ <%= option["fps"] %>fps - video only <%= option["quality_label"] %> - <%= option["type"].split(";")[0] %> @ <%= option["fps"] %>fps - video only
</option> </option>
<% end %> <% end %>
<% audio_streams.each do |option| %> <% audio_streams.each do |option| %>
<option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= video.title.dump_unquoted %>-<%= video.id %>.mp4"}'> <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
<%= option["type"].split(";")[0] %> @ <%= option["bitrate"] %>k - audio only <%= option["type"].split(";")[0] %> @ <%= option["bitrate"] %>k - audio only
</option> </option>
<% end %> <% end %>
<% fmt_stream.each do |option| %> <% fmt_stream.each do |option| %>
<option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= video.title.dump_unquoted %>-<%= video.id %>.mp4"}'> <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
<%= itag_to_metadata?(option["itag"]).try &.["height"]? || "~240" %>p - <%= option["type"].split(";")[0] %> <%= itag_to_metadata?(option["itag"]).try &.["height"]? || "~240" %>p - <%= option["type"].split(";")[0] %>
</option> </option>
<% end %> <% end %>