HTML escape username

2024-07-04 10:31:54 +00:00 · 2022-07-14 21:26:58 +00:00 · 2022-07-14 21:26:58 +00:00 · 6c4ed282bb
commit 6c4ed282bb
parent 0ed22c0be0
1 changed files with 1 additions and 1 deletions
--- a/src/invidious/views/template.ecr
+++ b/src/invidious/views/template.ecr
@ -68,7 +68,7 @@
                        </div>
                        <% if env.get("preferences").as(Preferences).show_nick %>
                            <div class="pure-u-1-4">
-                                <span id="user_name"><%= env.get("user").as(Invidious::User).email %></span>
+                                <span id="user_name"><%= HTML.escape(env.get("user").as(Invidious::User).email) %></span>
                            </div>
                        <% end %>
                        <div class="pure-u-1-4">