Mirrored_Repos/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-11-04 14:41:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix referer escaping

Browse Source
This commit is contained in:
Omar Roth
2019-05-03 12:15:21 -05:00
parent 757ea93393
commit ad8750b40d
6 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/invidious/views/clear_watch_history.ecr
View File

@@ -13,7 +13,7 @@
</button>
</div>
<div class="pure-u-1-2">
<a class="pure-button" href="<%= referer %>">
<a class="pure-button" href="<%= URI.escape(referer) %>">
<%= translate(locale, "No") %>
</a>
</div>

2
src/invidious/views/data_control.ecr
View File

@@ -3,7 +3,7 @@
<% end %>
<div class="h-box">
<form class="pure-form pure-form-aligned" enctype="multipart/form-data" action="/data_control?referer=<%= referer %>" method="post">
<form class="pure-form pure-form-aligned" enctype="multipart/form-data" action="/data_control?referer=<%= URI.escape(referer) %>" method="post">
<fieldset>
<legend><%= translate(locale, "Import") %></legend>

2
src/invidious/views/delete_account.ecr
View File

@@ -13,7 +13,7 @@
</button>
</div>
<div class="pure-u-1-2">
<a class="pure-button" href="<%= referer %>">
<a class="pure-button" href="<%= URI.escape(referer) %>">
<%= translate(locale, "No") %>
</a>
</div>

2
src/invidious/views/preferences.ecr
View File

@@ -9,7 +9,7 @@ function update_value(element) {
</script>
<div class="h-box">
<form class="pure-form pure-form-aligned" action="/preferences?referer=<%= referer %>" method="post">
<form class="pure-form pure-form-aligned" action="/preferences?referer=<%= URI.escape(referer) %>" method="post">
<fieldset>
<legend><%= translate(locale, "Player preferences") %></legend>

2
src/invidious/views/subscription_manager.ecr
View File

@@ -19,7 +19,7 @@
</div>
<div class="pure-u-1-3" style="text-align:right">
<h3>
<a href="/data_control?referer=<%= referer %>">
<a href="/data_control?referer=<%= URI.escape(referer) %>">
<%= translate(locale, "Import/export") %>
</a>
</h3>

2
src/invidious/views/token_manager.ecr
View File

@@ -11,7 +11,7 @@
<div class="pure-u-1-3"></div>
<div class="pure-u-1-3" style="text-align:right">
<h3>
<a href="/preferences?referer=<%= referer %>"><%= translate(locale, "Preferences") %></a>
<a href="/preferences?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Preferences") %></a>
</h3>
</div>
</div>