Fix escaping for login page

2024-07-07 03:41:51 +00:00 · 2019-06-15 20:42:42 -05:00 · 2019-06-15 20:42:42 -05:00 · fcf377d26b
commit fcf377d26b
parent 3be1c9261f
1 changed files with 2 additions and 2 deletions
--- a/src/invidious/views/login.ecr
+++ b/src/invidious/views/login.ecr
@ -32,7 +32,7 @@
                        <% end %>

                        <% if password %>
-                            <input name="password" type="hidden" value="<%= password %>">
+                            <input name="password" type="hidden" value="<%= HTML.escape(password) %>">
                        <% else %>
                            <label for="password"><%= translate(locale, "Password") %> :</label>
                            <input required class="pure-input-1" name="password" type="password" placeholder="<%= translate(locale, "Password") %>">
@ -95,7 +95,7 @@
                        <% end %>

                        <% if password %>
-                            <input name="password" type="hidden" value="<%= password %>">
+                            <input name="password" type="hidden" value="<%= HTML.escape(password) %>">
                        <% else %>
                            <label for="password"><%= translate(locale, "Password") %> :</label>
                            <input required class="pure-input-1" name="password" type="password" placeholder="<%= translate(locale, "Password") %>">