Escape (some) channel names in frontend
This commit is contained in:
parent
78da8f8899
commit
14cd6c829c
@ -320,7 +320,7 @@ def template_youtube_comments(comments, locale, thin_mode, is_replies = false)
|
||||
<div class="pure-u-20-24 pure-u-md-22-24">
|
||||
<p>
|
||||
<b>
|
||||
<a class="#{child["authorIsChannelOwner"] == true ? "channel-owner" : ""}" href="#{child["authorUrl"]}">#{child["author"]}</a>
|
||||
<a class="#{child["authorIsChannelOwner"] == true ? "channel-owner" : ""}" href="#{child["authorUrl"]}">#{HTML.escape(child["author"].to_s)}</a>
|
||||
</b>
|
||||
<p style="white-space:pre-wrap">#{child["contentHtml"]}</p>
|
||||
END_HTML
|
||||
@ -458,7 +458,7 @@ def template_reddit_comments(root, locale)
|
||||
html << <<-END_HTML
|
||||
<p>
|
||||
<a href="javascript:void(0)" data-onclick="toggle_parent">[ - ]</a>
|
||||
<b><a href="https://www.reddit.com/user/#{child.author}">#{child.author}</a></b>
|
||||
<b><a href="https://www.reddit.com/user/#{child.author}">#{HTML.escape(child.author)}</a></b>
|
||||
#{translate(locale, "`x` points", number_with_separator(child.score))}
|
||||
<span title="#{child.created_utc.to_s(translate(locale, "%a %B %-d %T %Y UTC"))}">#{translate(locale, "`x` ago", recode_date(child.created_utc, locale))}</span>
|
||||
<a href="https://www.reddit.com#{child.permalink}" title="#{translate(locale, "permalink")}">#{translate(locale, "permalink")}</a>
|
||||
|
@ -37,7 +37,7 @@
|
||||
<% end %>
|
||||
</a>
|
||||
<div class="featured-channel-about">
|
||||
<p class="featured-channel-title"><a href="/channel/<%= item.ucid %>"><%= item.author %></a></p>
|
||||
<p class="featured-channel-title"><a href="/channel/<%= item.ucid %>"><%= HTML.escape(item.author) %></a></p>
|
||||
<div class="featured-channel-metadata">
|
||||
<p><%= translate(locale, "`x` subscribers", number_with_separator(item.subscriber_count)) %></p>
|
||||
<p><%= translate(locale, "`x` videos", number_with_separator(item.video_count)) %></p>
|
||||
@ -63,7 +63,7 @@
|
||||
<% end %>
|
||||
</a>
|
||||
<div class="featured-channel-about">
|
||||
<p class="featured-channel-title"><a href="/channel/<%= item.ucid %>"><%= item.author %></a></p>
|
||||
<p class="featured-channel-title"><a href="/channel/<%= item.ucid %>"><%= HTML.escape(item.author) %></a></p>
|
||||
<div class="featured-channel-metadata">
|
||||
<span><%= translate(locale, "`x` subscribers", number_with_separator(item.subscriber_count)) %></span>
|
||||
<span class="seperator"> | </span>
|
||||
|
@ -36,7 +36,7 @@
|
||||
<div class="pure-u-2-3">
|
||||
<div class="channel-profile">
|
||||
<img src="/ggpht<%= URI.parse(channel.author_thumbnail).request_target %>">
|
||||
<span><%= channel.author %></span>
|
||||
<span><%= HTML.escape(channel.author) %></span>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pure-u-1-3" style="text-align:right">
|
||||
|
@ -8,7 +8,7 @@
|
||||
<div class="pure-u-2-3">
|
||||
<h3><input class="pure-input-1" maxlength="150" name="title" type="text" value="<%= playlist.title %>"></h3>
|
||||
<b>
|
||||
<%= playlist.author %> |
|
||||
<%= HTML.escape(playlist.author) %> |
|
||||
<%= translate(locale, "`x` videos", "#{playlist.video_count}") %> |
|
||||
<%= translate(locale, "Updated `x` ago", recode_date(playlist.updated, locale)) %> |
|
||||
<i class="icon <%= {"ion-md-globe", "ion-ios-unlock", "ion-ios-lock"}[playlist.privacy.value] %>"></i>
|
||||
|
@ -11,7 +11,7 @@
|
||||
<% if playlist.author == user.try &.email %>
|
||||
<a href="/view_all_playlists"><%= playlist.author %></a> |
|
||||
<% else %>
|
||||
<%= playlist.author %> |
|
||||
<%= HTML.escape(playlist.author) %> |
|
||||
<% end %>
|
||||
<%= translate(locale, "`x` videos", "#{playlist.video_count}") %> |
|
||||
<%= translate(locale, "Updated `x` ago", recode_date(playlist.updated, locale)) %> |
|
||||
@ -26,7 +26,7 @@
|
||||
</b>
|
||||
<% else %>
|
||||
<b>
|
||||
<a href="/channel/<%= playlist.ucid %>"><%= playlist.author %></a> |
|
||||
<a href="/channel/<%= playlist.ucid %>"><%= HTML.escape(playlist.author) %></a> |
|
||||
<%= translate(locale, "`x` videos", "#{playlist.video_count}") %> |
|
||||
<%= translate(locale, "`x` videos", "#{playlist.views}") %> |
|
||||
<%= translate(locale, "Updated `x` ago", recode_date(playlist.updated, locale)) %>
|
||||
|
@ -31,7 +31,7 @@
|
||||
<div class="pure-g<% if channel.deleted %> deleted <% end %>">
|
||||
<div class="pure-u-2-5">
|
||||
<h3 style="padding-left:0.5em">
|
||||
<a href="/channel/<%= channel.id %>"><%= channel.author %></a>
|
||||
<a href="/channel/<%= channel.id %>"><%= HTML.escape(channel.author) %></a>
|
||||
</h3>
|
||||
</div>
|
||||
<div class="pure-u-2-5"></div>
|
||||
|
@ -227,7 +227,7 @@ we're going to need to do it here in order to allow for translations.
|
||||
<% if !video.author_thumbnail.empty? %>
|
||||
<img src="/ggpht<%= URI.parse(video.author_thumbnail).request_target %>">
|
||||
<% end %>
|
||||
<span id="channel-name"><%= video.author %></span>
|
||||
<span id="channel-name"><%= HTML.escape(video.author) %></span>
|
||||
</div>
|
||||
</a>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user