From 49347a0a8b64559192d8f29f1237308025a48fd4 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 17 Oct 2017 16:53:10 +0200
Subject: Escape opengraph/oembed tags
---
 server/controllers/client.ts | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
(limited to 'server/controllers/client.ts')
diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index e3c962058..6a2ac4aab 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -10,7 +10,7 @@ import {
 STATIC_MAX_AGE,
 OPENGRAPH_AND_OEMBED_COMMENT
 } from '../initializers'
-import { root, readFileBufferPromise } from '../helpers'
+import { root, readFileBufferPromise, escapeHTML } from '../helpers'
 import { VideoInstance } from '../models'
 const clientsRouter = express.Router()
@@ -47,21 +47,24 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
 const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName()
 const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid
+ const videoName = escapeHTML(video.name)
+ const videoDescription = escapeHTML(video.description)
+
 const openGraphMetaTags = {
 'og:type': 'video',
- 'og:title': video.name,
+ 'og:title': videoName,
 'og:image': previewUrl,
 'og:url': videoUrl,
- 'og:description': video.description,
+ 'og:description': videoDescription,
- 'name': video.name,
- 'description': video.description,
+ 'name': videoName,
+ 'description': videoDescription,
 'image': previewUrl,
 'twitter:card': 'summary_large_image',
 'twitter:site': '@Chocobozzz',
- 'twitter:title': video.name,
- 'twitter:description': video.description,
+ 'twitter:title': videoName,
+ 'twitter:description': videoDescription,
 'twitter:image': previewUrl
 }
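Review bot: Escaping is applied field by field at the top of `addOpenGraphAndOEmbedTags` rather than where the tag strings are assembled, so `previewUrl` and `videoUrl` are still passed through as-is and any value added to `openGraphMetaTags` later is only safe if its author remembers to wrap it. The code that turns this map into markup is outside the hunk; if it interpolates each value into an attribute, calling `escapeHTML` once on every value at that point would make the protection structural instead of per-field. `escapeHTML` comes from `../helpers` and is not shown here, so it is worth confirming that it encodes `"` and `'` as well as `<`, `>` and `&`, because these values presumably land inside attribute values rather than element text. If the per-field approach stays, a comment above the two new constants such as `// User-controlled text: keep HTML-escaped, these values end up inside meta/link tag attributes` would record the intent; the same applies to `title: videoName` in the oEmbed hunk at -69,7.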
@@ -69,7 +72,7 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
 {
 type: 'application/json+oembed',
 href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl),
- title: video.name
+ title: videoName
 }
 ]
--
cgit v1.2.3