Closed FelixSchwarz closed 1 month ago
Ikr, tbh I didn't bother since the server admin is responsible for their server and users cannot use the plugin API anyway. Feel free to PR the issue.
Well, the import will break if a YouTube video contains a double quote in the title or similar things. I am not too concerned about security, even though it might be possible to get some remote code execution once you trick a Jellyfin admin into importing a certain YouTube video, but then I don't know anything about the code.
However, let's leave it at that; I'm not using FinTube right now.
The problem should be obvious; please let me know if I should explain this in more detail: https://github.com/AECX/FinTube/blob/fcabbf851ab39f3f9a15531e9747c7ea27352cd0/Jellyfin.Plugin.FinTube/Api/FinTubeActivityController.cs#L140C21-L140C25