X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fservices.ts;h=8c0af9ff7546c6c58f60a22e06b93ffdff36830d;hb=35f676e5d3e5e242e84ed63da2cc78117079c7cb;hp=d0217c30ae9db1dc7ee882674f79fa04c00488a0;hpb=6fad8e51c47b9d07bea99b777c1f55c10f6d576d;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/controllers/services.ts b/server/controllers/services.ts
index d0217c30a..8c0af9ff7 100644
--- a/server/controllers/services.ts
+++ b/server/controllers/services.ts
@@ -3,6 +3,7 @@ import { EMBED_SIZE, PREVIEWS_SIZE, WEBSERVER, THUMBNAILS_SIZE } from '../initia
 import { asyncMiddleware, oembedValidator } from '../middlewares'
 import { accountNameWithHostGetValidator } from '../middlewares/validators'
 import { MChannelSummary } from '@server/types/models'
+import { escapeHTML } from '@shared/core-utils/renderer'
 
 const servicesRouter = express.Router()
 
@@ -77,16 +78,18 @@ function buildOEmbed (options: {
   const maxWidth = parseInt(req.query.maxwidth, 10)
 
   const embedUrl = webserverUrl + embedPath
-  let embedWidth = EMBED_SIZE.width
-  let embedHeight = EMBED_SIZE.height
+  const embedTitle = escapeHTML(title)
 
   let thumbnailUrl = previewPath
     ? webserverUrl + previewPath
     : undefined
 
-  if (maxHeight < embedHeight) embedHeight = maxHeight
+  let embedWidth = EMBED_SIZE.width
   if (maxWidth < embedWidth) embedWidth = maxWidth
 
+  let embedHeight = EMBED_SIZE.height
+  if (maxHeight < embedHeight) embedHeight = maxHeight
+
   // Our thumbnail is too big for the consumer
   if (
     (maxHeight !== undefined && maxHeight < previewSize.height) ||
@@ -96,7 +99,7 @@ function buildOEmbed (options: {
   }
 
   const html = `<iframe width="${embedWidth}" height="${embedHeight}" sandbox="allow-same-origin allow-scripts" ` +
-    `src="${embedUrl}" frameborder="0" allowfullscreen></iframe>`
+    `title="${embedTitle}" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>`
 
   const json: any = {
     type: 'video',