github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-31 13:07:54 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: escape youtube title when constructing onebox preview html (#16999)

Browse Source
This commit is contained in:
Mayfield
2022-06-08 01:42:37 -04:00
committed by GitHub
parent 82ac698d4f
commit 99b0578b4c
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/onebox/engine/youtube_onebox.rb
View File

@ -42,7 +42,7 @@ module Onebox
result = parse_embed_response
result ||= get_opengraph.data
"<img src='#{result[:image]}' width='#{WIDTH}' height='#{HEIGHT}' title='#{result[:title]}'>"
"<img src='#{result[:image]}' width='#{WIDTH}' height='#{HEIGHT}' title='#{CGI::escapeHTML(result[:title])}'>"
else
to_html
end