From 0947c266122a49e8452e9a3efb978a1e38048868 Mon Sep 17 00:00:00 2001
From: mastihios <91783447+mastihios@users.noreply.github.com>
Date: Mon, 11 Oct 2021 12:18:20 +0000
Subject: [PATCH] Fix URL-encoding in href strings (#2460)
* hrefs: replace HTML.escape w/ URI.encode_www_form
* Fix search_query_encoded
---
src/invidious/views/add_playlist_items.ecr | 4 ++--
src/invidious/views/channel.ecr | 4 ++--
src/invidious/views/components/item.ecr | 4 ++--
src/invidious/views/playlists.ecr | 2 +-
src/invidious/views/search.ecr | 14 +++++++-------
5 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/invidious/views/add_playlist_items.ecr b/src/invidious/views/add_playlist_items.ecr
index 09eacbc8..c62861b0 100644
--- a/src/invidious/views/add_playlist_items.ecr
+++ b/src/invidious/views/add_playlist_items.ecr
@@ -41,7 +41,7 @@
<% if page > 1 %> - + <%= translate(locale, "Previous page") %> <% end %> @@ -49,7 +49,7 @@
<% if count >= 20 %> - + <%= translate(locale, "Next page") %> <% end %> diff --git a/src/invidious/views/channel.ecr b/src/invidious/views/channel.ecr index 09cfb76e..7f797e37 100644 --- a/src/invidious/views/channel.ecr +++ b/src/invidious/views/channel.ecr @@ -96,7 +96,7 @@
diff --git a/src/invidious/views/playlists.ecr b/src/invidious/views/playlists.ecr
index d9a17a9b..1245256f 100644
--- a/src/invidious/views/playlists.ecr
+++ b/src/invidious/views/playlists.ecr
@@ -96,7 +96,7 @@
<% if continuation %> - &sort_by=<%= HTML.escape(sort_by) %><% end %>"> + &sort_by=<%= URI.encode_www_form(sort_by) %><% end %>"> <%= translate(locale, "Next page") %> <% end %> diff --git a/src/invidious/views/search.ecr b/src/invidious/views/search.ecr index fd176e41..db374548 100644 --- a/src/invidious/views/search.ecr +++ b/src/invidious/views/search.ecr @@ -2,7 +2,7 @@ <%= search_query.not_nil!.size > 30 ? HTML.escape(query.not_nil![0,30].rstrip(".") + "...") : HTML.escape(query.not_nil!) %> - Invidious <% end %> -<% search_query_encoded = env.get?("search").try { |x| URI.encode(x.as(String), space_to_plus: true) } %> +<% search_query_encoded = env.get?("search").try { |x| URI.encode_www_form(x.as(String), space_to_plus: true) } %> <% if count == 0 %> @@ -23,7 +23,7 @@ <% if operator_hash.fetch("date", "all") == date %> <%= translate(locale, date) %> <% else %> - &page=<%= page %>"> + &page=<%= page %>"> <%= translate(locale, date) %> <% end %> @@ -38,7 +38,7 @@ <% if operator_hash.fetch("content_type", "all") == content_type %> <%= translate(locale, content_type) %> <% else %> - &page=<%= page %>"> + &page=<%= page %>"> <%= translate(locale, content_type) %> <% end %> @@ -53,7 +53,7 @@ <% if operator_hash.fetch("duration", "all") == duration %> <%= translate(locale, duration) %> <% else %> - &page=<%= page %>"> + &page=<%= page %>"> <%= translate(locale, duration) %> <% end %> @@ -68,11 +68,11 @@ <% if operator_hash.fetch("features", "all").includes?(feature) %> <%= translate(locale, feature) %> <% elsif operator_hash.has_key?("features") %> - &page=<%= page %>"> + &page=<%= page %>"> <%= translate(locale, feature) %> <% else %> - &page=<%= page %>"> + &page=<%= page %>"> <%= translate(locale, feature) %> <% end %> @@ -87,7 +87,7 @@ <% if operator_hash.fetch("sort", "relevance") == sort %> <%= translate(locale, sort) %> <% else %> - &page=<%= page %>"> + &page=<%= page %>"> <%= translate(locale, sort) %> <% end %>
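Review bot: Only `sort_by` is passed through `URI.encode_www_form` on the added line of the playlists.ecr hunk, and the opening of that href is not legible in the hunk as shown here, so it should be confirmed that the `continuation` value guarded by `<% if continuation %>` gets the same treatment if it is interpolated into the URL. ECR's `<%= %>` performs no escaping of its own, so a query value written raw into a double-quoted attribute can both change the link's parameters and terminate the attribute. If it turns out to be raw, `<%= URI.encode_www_form(continuation) %>` would keep the whole link consistent with the `sort_by` part.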
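Review bot: The new `search_query_encoded` assignment in the first search.ecr hunk deserves a short comment saying which output context the value is safe for, for example `form-encoded for use inside href query strings only; visible text still goes through HTML.escape`. The later hunks in this file (-23, -38, -53, -68 and -87) appear to depend on it when building filter links, although their changed href lines are not legible here. This matters because the previous `URI.encode` left reserved characters such as `&`, `=` and `#` untouched, so the distinction between the two encoders is easy to lose in a later edit. As a minor style point, `space_to_plus: true` is already the default for `URI.encode_www_form`, so the call can be shortened to `URI.encode_www_form(x.as(String))`.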