From 76cc8ac66b88bb7ac632eee2e06d2557ec086151 Mon Sep 17 00:00:00 2001 From: Samantaz Fox Date: Tue, 8 Feb 2022 01:48:44 +0100 Subject: [PATCH] HTML escape error message --- src/invidious/helpers/errors.cr | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/invidious/helpers/errors.cr b/src/invidious/helpers/errors.cr index 3acbac84..6155e561 100644 --- a/src/invidious/helpers/errors.cr +++ b/src/invidious/helpers/errors.cr @@ -38,12 +38,15 @@ def error_template_helper(env : HTTP::Server::Context, status_code : Int32, exce issue_title = "#{exception.message} (#{exception.class})" - issue_template = %(Title: `#{issue_title}`) - issue_template += %(\nDate: `#{Time::Format::ISO_8601_DATE_TIME.format(Time.utc)}`) - issue_template += %(\nRoute: `#{env.request.resource}`) - issue_template += %(\nVersion: `#{SOFTWARE["version"]} @ #{SOFTWARE["branch"]}`) - # issue_template += github_details("Preferences", env.get("preferences").as(Preferences).to_pretty_json) - issue_template += github_details("Backtrace", exception.inspect_with_backtrace) + issue_template = <<-TEXT + Title: `#{HTML.escape(issue_title)}` + Date: `#{Time::Format::ISO_8601_DATE_TIME.format(Time.utc)}` + Route: `#{HTML.escape(env.request.resource)}` + Version: `#{SOFTWARE["version"]} @ #{SOFTWARE["branch"]}` + + TEXT + + issue_template += github_details("Backtrace", HTML.escape(exception.inspect_with_backtrace)) # URLs for the error message below url_faq = "https://github.com/iv-org/documentation/blob/master/FAQ.md"