Skip to content

Commit 574e35a

Browse files
matthewmcgarveymatthewmcgarvey
committed
HTML escape user input
1 parent 56e5051 commit 574e35a

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/invidious/routes/search.cr

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ module Invidious::Routes::Search
5656
begin
5757
search_query, count, videos, operators = process_search_query(query, page, user, region: region)
5858
rescue ex : ChannelSearchException
59-
return error_template(404, "Unable to find channel with id of '#{ex.channel}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.")
59+
return error_template(404, "Unable to find channel with id of '#{HTML.escape(ex.channel)}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.")
6060
rescue ex
6161
return error_template(500, ex)
6262
end

0 commit comments

Comments
 (0)