Merge pull request #3205 from iv-org/escape-username

This commit is contained in:
Samantaz Fox
2022-07-15 00:30:10 +02:00

View File

@@ -68,7 +68,7 @@
</div> </div>
<% if env.get("preferences").as(Preferences).show_nick %> <% if env.get("preferences").as(Preferences).show_nick %>
<div class="pure-u-1-4"> <div class="pure-u-1-4">
<span id="user_name"><%= env.get("user").as(Invidious::User).email %></span> <span id="user_name"><%= HTML.escape(env.get("user").as(Invidious::User).email) %></span>
</div> </div>
<% end %> <% end %>
<div class="pure-u-1-4"> <div class="pure-u-1-4">