invidious-copy-2022-08-14/src/invidious/views/subscription_manager.ecr
leonklingele 70cbe91776
Migrate to a good Content Security Policy (#1023)
So attacks such as XSS (see [0]) will no longer be of an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
2020-03-15 16:46:08 -05:00

54 lines
2.1 KiB
Text

<% content_for "header" do %>
<title><%= translate(locale, "Subscription manager") %> - Invidious</title>
<% end %>
<div class="pure-g h-box">
<div class="pure-u-1-3">
<h3>
<a href="/feed/subscriptions">
<%= translate(locale, "`x` subscriptions", %(<span id="count">#{subscriptions.size}</span>)) %>
</a>
</h3>
</div>
<div class="pure-u-1-3" style="text-align:center">
<h3>
<a href="/feed/history">
<%= translate(locale, "Watch history") %>
</a>
</h3>
</div>
<div class="pure-u-1-3" style="text-align:right">
<h3>
<a href="/data_control?referer=<%= URI.encode_www_form(referer) %>">
<%= translate(locale, "Import/export") %>
</a>
</h3>
</div>
</div>
<% subscriptions.each do |channel| %>
<div class="h-box">
<div class="pure-g<% if channel.deleted %> deleted <% end %>">
<div class="pure-u-2-5">
<h3 style="padding-left:0.5em">
<a href="/channel/<%= channel.id %>"><%= channel.author %></a>
</h3>
</div>
<div class="pure-u-2-5"></div>
<div class="pure-u-1-5" style="text-align:right">
<h3 style="padding-right:0.5em">
<form data-onsubmit="return_false" action="/subscription_ajax?action_remove_subscriptions=1&c=<%= channel.id %>&referer=<%= env.get("current_page") %>" method="post">
<input type="hidden" name="csrf_token" value="<%= URI.encode_www_form(env.get?("csrf_token").try &.as(String) || "") %>">
<a data-onclick="remove_subscription" data-ucid="<%= channel.id %>" href="#">
<input style="all:unset" type="submit" value="<%= translate(locale, "unsubscribe") %>">
</a>
</form>
</h3>
</div>
</div>
<% if subscriptions[-1].author != channel.author %>
<hr>
<% end %>
</div>
<% end %>