From 947fe4fbb3f4c51820b8d07844579c2894eaee4f Mon Sep 17 00:00:00 2001 From: Samantaz Fox Date: Mon, 13 Sep 2021 18:20:11 +0200 Subject: [PATCH] HTML escape video mimetype Video mimetype may contain code information between double quotes. If not properly escaped, it breaks the browser's parser. E.g: ``` type="video/mp4; codecs=" avc1.64001f,="" mp4a.40.2""="" ``` Thank Robin for catching this! --- src/invidious/views/components/player.ecr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/invidious/views/components/player.ecr b/src/invidious/views/components/player.ecr index c520fb5a..6418f66b 100644 --- a/src/invidious/views/components/player.ecr +++ b/src/invidious/views/components/player.ecr @@ -23,7 +23,7 @@ src_url += "&local=true" if params.local quality = fmt["quality"] - mimetype = fmt["mimeType"] + mimetype = HTML.escape(fmt["mimeType"].as_s) selected = params.quality ? (params.quality == quality) : (i == 0) %>
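Review bot: On the added line `mimetype = HTML.escape(fmt["mimeType"].as_s)`, the escaping is applied where the variable is assigned rather than where it is written into the markup, so every later use of `mimetype` in this template now gets the entity-encoded string. If the value is only ever placed in the `type="..."` attribute, that is fine, but a short comment saying the variable holds HTML-escaped text would keep a later change from escaping it a second time or reusing it in a non-HTML context. The unchanged context line just above, `quality = fmt["quality"]`, reads from the same `fmt` object and stays unescaped; if it is also emitted into an attribute, it should get the same treatment for consistency, even if its values are expected to be plain tokens. Also note that `.as_s` raises when the value is not a string, so it is worth confirming that `mimeType` is always present and a string for every entry that reaches this loop.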