From 6c4ed282bb8e2a6ed0c756ea012f6b1fa8e6cc48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89milien=20Devos?= <contact@emiliendevos.be>
Date: Thu, 14 Jul 2022 21:26:58 +0000
Subject: [PATCH] HTML escape username

---
 src/invidious/views/template.ecr | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/invidious/views/template.ecr b/src/invidious/views/template.ecr
index 4e2b29f0..caf5299f 100644
--- a/src/invidious/views/template.ecr
+++ b/src/invidious/views/template.ecr
@@ -68,7 +68,7 @@
                         </div>
                         <% if env.get("preferences").as(Preferences).show_nick %>
                             <div class="pure-u-1-4">
-                                <span id="user_name"><%= env.get("user").as(Invidious::User).email %></span>
+                                <span id="user_name"><%= HTML.escape(env.get("user").as(Invidious::User).email) %></span>
                             </div>
                         <% end %>
                         <div class="pure-u-1-4">