HTML escape title on watch and embed pages

This commit is contained in:
Omar Roth 2018-08-01 16:07:47 -05:00
parent 01d23c6191
commit 25bf44d7ad
2 changed files with 7 additions and 7 deletions

View file

@ -14,7 +14,7 @@
<script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script>
<script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script>
<script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script>
<title><%= video.title %> - Invidious</title>
<title><%= HTML.escape(video.title) %> - Invidious</title>
</head>
<body>
@ -82,7 +82,7 @@ var shareOptions = {
socials: ["fb", "tw", "reddit", "mail"],
url: "<%= host_url %>/<%= video.id %>?<%= host_params %>",
title: "<%= video.title %>",
title: "<%= HTML.escape(video.title) %>",
description: "<%= description %>",
image: '<%= thumbnail %>',
embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360'

View file

@ -4,7 +4,7 @@
<meta name="keywords" content="<%= video.info["keywords"] %>">
<meta property="og:site_name" content="Invidious">
<meta property="og:url" content="<%= host_url %>/watch?v=<%= video.id %>">
<meta property="og:title" content="<%= video.title %>">
<meta property="og:title" content="<%= HTML.escape(video.title) %>">
<meta property="og:image" content="https://i.ytimg.com/vi/<%= video.id %>/hqdefault.jpg">
<meta property="og:description" content="<%= description %>">
<meta property="og:type" content="video.other">
@ -16,7 +16,7 @@
<meta name="twitter:card" content="player">
<meta name="twitter:site" content="@omarroth">
<meta name="twitter:url" content="<%= host_url %>/watch?v=<%= video.id %>">
<meta name="twitter:title" content="<%= video.title %>">
<meta name="twitter:title" content="<%= HTML.escape(video.title) %>">
<meta name="twitter:description" content="<%= description %>">
<meta name="twitter:image" content="https://i.ytimg.com/vi/<%= video.id %>/maxresdefault.jpg">
<meta name="twitter:player" content="<%= host_url %>/embed/<%= video.id %>">
@ -31,7 +31,7 @@
<script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script>
<script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script>
<script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script>
<title><%= video.title %> - Invidious</title>
<title><%= HTML.escape(video.title) %> - Invidious</title>
<% end %>
<% if hlsvp %>
@ -92,7 +92,7 @@ var shareOptions = {
socials: ["fb", "tw", "reddit", "mail"],
url: "<%= host_url %>/<%= video.id %>?<%= host_params %>",
title: "<%= video.title %>",
title: "<%= HTML.escape(video.title) %>",
description: "<%= description %>",
image: '<%= thumbnail %>',
embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360'
@ -312,7 +312,7 @@ get_youtube_comments();
<div class="h-box">
<h1>
<%= video.title %>
<%= HTML.escape(video.title) %>
<% if listen %>
<a href="/watch?<%= env.params.query %>">
<i class="icon ion-ios-videocam" aria-hidden="true"></i>