diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-10-17 16:53:10 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-10-17 16:53:10 +0200 |
commit | 49347a0a8b64559192d8f29f1237308025a48fd4 (patch) | |
tree | fca36cdbd9d0259313234c7e5703276f672364e9 /server/controllers/client.ts | |
parent | c6e0bfbf582205410bf166118956a368f6a4cbaa (diff) | |
download | PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.gz PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.zst PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.zip |
Escape opengraph/oembed tags
Diffstat (limited to 'server/controllers/client.ts')
-rw-r--r-- | server/controllers/client.ts | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts index e3c962058..6a2ac4aab 100644 --- a/server/controllers/client.ts +++ b/server/controllers/client.ts | |||
@@ -10,7 +10,7 @@ import { | |||
10 | STATIC_MAX_AGE, | 10 | STATIC_MAX_AGE, |
11 | OPENGRAPH_AND_OEMBED_COMMENT | 11 | OPENGRAPH_AND_OEMBED_COMMENT |
12 | } from '../initializers' | 12 | } from '../initializers' |
13 | import { root, readFileBufferPromise } from '../helpers' | 13 | import { root, readFileBufferPromise, escapeHTML } from '../helpers' |
14 | import { VideoInstance } from '../models' | 14 | import { VideoInstance } from '../models' |
15 | 15 | ||
16 | const clientsRouter = express.Router() | 16 | const clientsRouter = express.Router() |
@@ -47,21 +47,24 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance | |||
47 | const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName() | 47 | const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName() |
48 | const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid | 48 | const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid |
49 | 49 | ||
50 | const videoName = escapeHTML(video.name) | ||
51 | const videoDescription = escapeHTML(video.description) | ||
52 | |||
50 | const openGraphMetaTags = { | 53 | const openGraphMetaTags = { |
51 | 'og:type': 'video', | 54 | 'og:type': 'video', |
52 | 'og:title': video.name, | 55 | 'og:title': videoName, |
53 | 'og:image': previewUrl, | 56 | 'og:image': previewUrl, |
54 | 'og:url': videoUrl, | 57 | 'og:url': videoUrl, |
55 | 'og:description': video.description, | 58 | 'og:description': videoDescription, |
56 | 59 | ||
57 | 'name': video.name, | 60 | 'name': videoName, |
58 | 'description': video.description, | 61 | 'description': videoDescription, |
59 | 'image': previewUrl, | 62 | 'image': previewUrl, |
60 | 63 | ||
61 | 'twitter:card': 'summary_large_image', | 64 | 'twitter:card': 'summary_large_image', |
62 | 'twitter:site': '@Chocobozzz', | 65 | 'twitter:site': '@Chocobozzz', |
63 | 'twitter:title': video.name, | 66 | 'twitter:title': videoName, |
64 | 'twitter:description': video.description, | 67 | 'twitter:description': videoDescription, |
65 | 'twitter:image': previewUrl | 68 | 'twitter:image': previewUrl |
66 | } | 69 | } |
67 | 70 | ||
@@ -69,7 +72,7 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance | |||
69 | { | 72 | { |
70 | type: 'application/json+oembed', | 73 | type: 'application/json+oembed', |
71 | href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl), | 74 | href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl), |
72 | title: video.name | 75 | title: videoName |
73 | } | 76 | } |
74 | ] | 77 | ] |
75 | 78 | ||