File tree Expand file tree Collapse file tree 13 files changed +17
-17
lines changed Expand file tree Collapse file tree 13 files changed +17
-17
lines changed Original file line number Diff line number Diff line change 7272 <input type =" hidden" name =" expire" value =" <%= expire %> "
7373 <% end %>
7474
75- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (csrf_token) %> "
75+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (csrf_token) %> "
7676 </form >
7777 </div >
7878<% end %>
Original file line number Diff line number Diff line change 2323 <%= translate(locale, " Change password" %>
2424 </button >
2525
26- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (csrf_token) %> "
26+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (csrf_token) %> "
2727 </fieldset >
2828 </form >
2929 </div >
Original file line number Diff line number Diff line change 1919 </div >
2020 </div >
2121
22- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (csrf_token) %> "
22+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (csrf_token) %> "
2323 </form >
2424</div >
Original file line number Diff line number Diff line change 5454 <img loading =" lazy" class =" thumbnail" src =" /vi/<%= item.id %> /mqdefault.jpg"
5555 <% if plid = env.get?(" remove_playlist_items" %>
5656 <form data-onsubmit =" return_false" action =" /playlist_ajax?action_remove_video=1&set_video_id=<%= item.index %> &playlist_id=<%= plid %> &referer=<%= env.get(" current_page" %> " method =" post"
57- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (env.get?(" csrf_token" & .as(String ) || " " %> "
57+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (env.get?(" csrf_token" & .as(String ) || " " %> "
5858 <p class =" watched"
5959 <a data-onclick =" remove_playlist_item" data-index =" <%= item.index %> " data-plid =" <%= plid %> " href =" javascript:void(0)"
6060 <button type =" submit" style =" all unset "
106106 <img loading =" lazy" class =" thumbnail" src =" /vi/<%= item.id %> /mqdefault.jpg"
107107 <% if env.get? " show_watched" %>
108108 <form data-onsubmit =" return_false" action =" /watch_ajax?action_mark_watched=1&id=<%= item.id %> &referer=<%= env.get(" current_page" %> " method =" post"
109- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (env.get?(" csrf_token" & .as(String ) || " " %> "
109+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (env.get?(" csrf_token" & .as(String ) || " " %> "
110110 <p class =" watched"
111111 <a data-onclick =" mark_watched" data-id =" <%= item.id %> " href =" javascript:void(0)"
112112 <button type =" submit" style =" all unset "
119119 </form >
120120 <% elsif plid = env.get? " add_playlist_items" %>
121121 <form data-onsubmit =" return_false" action =" /playlist_ajax?action_add_video=1&video_id=<%= item.id %> &playlist_id=<%= plid %> &referer=<%= env.get(" current_page" %> " method =" post"
122- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (env.get?(" csrf_token" & .as(String ) || " " %> "
122+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (env.get?(" csrf_token" & .as(String ) || " " %> "
123123 <p class =" watched"
124124 <a data-onclick =" add_playlist_item" data-id =" <%= item.id %> " data-plid =" <%= plid %> " href =" javascript:void(0)"
125125 <button type =" submit" style =" all unset "
Original file line number Diff line number Diff line change 22 <% if subscriptions.includes? ucid %>
33 <p >
44 <form action =" /subscription_ajax?action_remove_subscriptions=1&c=<%= ucid %> &referer=<%= env.get(" current_page" %> " method =" post"
5- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (env.get?(" csrf_token" & .as(String ) || " " %> "
5+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (env.get?(" csrf_token" & .as(String ) || " " %> "
66 <button data-type =" unsubscribe" id =" subscribe" class =" pure-button pure-button-primary"
77 <b ><input style =" all unset " type =" submit" value =" <%= translate(locale, " Unsubscribe" %> | <%= sub_count_text %> " b >
88 </button >
1111 <% else %>
1212 <p >
1313 <form action =" /subscription_ajax?action_create_subscription_to_channel=1&c=<%= ucid %> &referer=<%= env.get(" current_page" %> " method =" post"
14- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (env.get?(" csrf_token" & .as(String ) || " " %> "
14+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (env.get?(" csrf_token" & .as(String ) || " " %> "
1515 <button data-type =" subscribe" id =" subscribe" class =" pure-button pure-button-primary"
1616 <b ><input style =" all unset " type =" submit" value =" <%= translate(locale, " Subscribe" %> | <%= sub_count_text %> " b >
1717 </button >
Original file line number Diff line number Diff line change 3030 </button >
3131 </div >
3232
33- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (csrf_token) %> "
33+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (csrf_token) %> "
3434 </fieldset >
3535 </form >
3636 </div >
Original file line number Diff line number Diff line change 1919 </div >
2020 </div >
2121
22- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (csrf_token) %> "
22+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (csrf_token) %> "
2323 </form >
2424</div >
Original file line number Diff line number Diff line change 1919 </div >
2020 </div >
2121
22- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (csrf_token) %> "
22+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (csrf_token) %> "
2323 </form >
2424</div >
Original file line number Diff line number Diff line change 4141 <div class =" h-box"
4242 <textarea maxlength =" 5000" name =" description" style =" margin-top 10px ;max-width 100% ;height 20vh " class =" pure-input-1" <%= playlist.description %> </textarea >
4343 </div >
44- <input type =" hidden" name =" csrf_token" value =" <%= URI .encode_www_form (csrf_token) %> "
44+ <input type =" hidden" name =" csrf_token" value =" <%= HTML .escape (csrf_token) %> "
4545</form >
4646
4747<% if playlist.is_a?(InvidiousPlaylist ) && playlist.author == user.try & .email %>
Original file line number Diff line number Diff line change 6666 <% captcha = captcha.not_nil! %>
6767 <img style =" width 50% " src =' <%= captcha[:question ] %> '
6868 <% captcha[:tokens ].each_with_index do |token , i | %>
69- <input type =" hidden" name =" token[<%= i %> ]" value =" <%= URI .encode_www_form (token) %> "
69+ <input type =" hidden" name =" token[<%= i %> ]" value =" <%= HTML .escape (token) %> "
7070 <% end %>
7171 <input type =" hidden" name =" captcha_type" value =" image"
7272 <label for =" answer" <%= translate(locale, " Time (h:mm:ss):" %> </label >
7373 <input type =" text" name =" answer" type =" text" placeholder =" h:mm:ss"
7474 <% else # "text" %>
7575 < % captcha = captcha.not_nil! %>
7676 <% captcha[:tokens ].each_with_index do |token , i | %>
77- <input type =" hidden" name =" token[<%= i %> ]" value =" <%= URI .encode_www_form (token) %> "
77+ <input type =" hidden" name =" token[<%= i %> ]" value =" <%= HTML .escape (token) %> "
7878 <% end %>
7979 <input type =" hidden" name =" captcha_type" value =" text"
8080 <label for =" answer" <%= captcha[:question ] %> </label >
You can’t perform that action at this time.
0 commit comments