HTML escape video mimetype

Video mimetype may contain code information between double quotes. If not properly escaped, it breaks the browser's parser. E.g: ``` type="video/mp4; codecs=" avc1.64001f,="" mp4a.40.2""="" ``` Thank Robin for catching this!
2024-08-15 00:43:26 +00:00 · 2021-09-13 18:20:11 +02:00 · 2021-09-13 18:20:11 +02:00 · 947fe4fbb3
commit 947fe4fbb3
parent 50c8afb525
1 changed files with 1 additions and 1 deletions
--- a/src/invidious/views/components/player.ecr
+++ b/src/invidious/views/components/player.ecr
@ -23,7 +23,7 @@
                src_url += "&local=true" if params.local

                quality = fmt["quality"]
-                mimetype = fmt["mimeType"]
+                mimetype = HTML.escape(fmt["mimeType"].as_s)

                selected = params.quality ? (params.quality == quality) : (i == 0)
            %>