From afb04c3bdaa29f19db44f6560ce7954bc656d791 Mon Sep 17 00:00:00 2001
From: ChunkyProgrammer <78101139+ChunkyProgrammer@users.noreply.github.com>
Date: Mon, 7 Aug 2023 11:58:20 -0700
Subject: [PATCH] HTMLl.Escape the playlist subtitle

---
 src/invidious/views/playlist.ecr | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/invidious/views/playlist.ecr b/src/invidious/views/playlist.ecr
index 3bc7596e..24ba437d 100644
--- a/src/invidious/views/playlist.ecr
+++ b/src/invidious/views/playlist.ecr
@@ -73,7 +73,8 @@
                 <% if !author.empty? %>
                     <a href="/channel/<%= playlist.ucid %>"><%= author %></a> |
                 <% elsif !playlist.subtitle.nil? %>
-                    <span><%= playlist.subtitle.try &.split(" • ")[0] %></span> |
+                    <% subtitle = playlist.subtitle || "" %>
+                    <span><%= HTML.escape(subtitle[0..subtitle.rindex(" • ") || subtitle.size]) %></span> |
                 <% end %>
                 <%= translate_count(locale, "generic_videos_count", playlist.video_count) %> |
                 <%= translate(locale, "Updated `x` ago", recode_date(playlist.updated, locale)) %>