From 039212ed9199ebcac7686bdb1c562c86d708cfc9 Mon Sep 17 00:00:00 2001 From: ChunkyProgrammer <78101139+ChunkyProgrammer@users.noreply.github.com> Date: Tue, 9 Apr 2024 18:04:21 -0400 Subject: [PATCH] escape html, add todo comment --- src/invidious/comments/youtube.cr | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/invidious/comments/youtube.cr b/src/invidious/comments/youtube.cr index 4c6a0d56..ee1568e5 100644 --- a/src/invidious/comments/youtube.cr +++ b/src/invidious/comments/youtube.cr @@ -141,7 +141,8 @@ module Invidious::Comments comment_mutation = mutations.find { |i| i.dig?("payload", "commentEntityPayload", "key") == comment_key } toolbar_mutation = mutations.find { |i| i.dig?("entityKey") == toolbar_key } if !comment_mutation.nil? && !toolbar_mutation.nil? - html_content = comment_mutation.dig("payload", "commentEntityPayload", "properties", "content", "content").as_s + # todo parse styleRuns, commandRuns and attachmentRuns for comments + html_content = HTML.escape(comment_mutation.dig("payload", "commentEntityPayload", "properties", "content", "content").as_s) if comment_author = comment_mutation.dig?("payload", "commentEntityPayload", "author") json.field "authorId", comment_author["channelId"].as_s json.field "authorUrl", "/channel/#{comment_author["channelId"].as_s}"