From 9dc4f8a1aa7ac183b2eadf73a5f0be35931e8ce3 Mon Sep 17 00:00:00 2001
From: Omar Roth <omarroth@protonmail.com>
Date: Wed, 4 Mar 2020 13:03:14 -0500
Subject: [PATCH] Escape item titles in search page

---
 src/invidious/views/components/item.ecr | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/invidious/views/components/item.ecr b/src/invidious/views/components/item.ecr
index f7b9cce6..9669aaeb 100644
--- a/src/invidious/views/components/item.ecr
+++ b/src/invidious/views/components/item.ecr
@@ -44,7 +44,7 @@
                         <% end %>
                     </div>
                 <% end %>
-                <p><%= item.title %></p>
+                <p><%= HTML.escape(item.title) %></p>
             </a>
             <p>
                 <b>
@@ -76,7 +76,7 @@
                         <% end %>
                     </div>
                 <% end %>
-                <p><a href="/watch?v=<%= item.id %>"><%= item.title %></a></p>
+                <p><a href="/watch?v=<%= item.id %>"><%= HTML.escape(item.title) %></a></p>
             </a>
             <p>
                 <b>
@@ -137,7 +137,7 @@
                     </div>
                 </a>
             <% end %>
-            <p><a href="/watch?v=<%= item.id %>"><%= item.title %></a></p>
+            <p><a href="/watch?v=<%= item.id %>"><%= HTML.escape(item.title) %></a></p>
             <p>
                 <b>
                     <a style="width:100%" href="/channel/<%= item.ucid %>"><%= item.author %></a>