forked from midou/invidious
HTML escape video mimetype
Video mimetype may contain code information between double quotes. If not properly escaped, it breaks the browser's parser. E.g: ``` type="video/mp4; codecs=" avc1.64001f,="" mp4a.40.2""="" ``` Thank Robin for catching this!
This commit is contained in:
parent
50c8afb525
commit
947fe4fbb3
@ -23,7 +23,7 @@
|
|||||||
src_url += "&local=true" if params.local
|
src_url += "&local=true" if params.local
|
||||||
|
|
||||||
quality = fmt["quality"]
|
quality = fmt["quality"]
|
||||||
mimetype = fmt["mimeType"]
|
mimetype = HTML.escape(fmt["mimeType"].as_s)
|
||||||
|
|
||||||
selected = params.quality ? (params.quality == quality) : (i == 0)
|
selected = params.quality ? (params.quality == quality) : (i == 0)
|
||||||
%>
|
%>
|
||||||
|
Loading…
Reference in New Issue
Block a user