AECX / FinTube

Jellyfin Plugin to import directly from YT

createProcess: `Arguments` is unsafe, use `ProcessStartInfo.ArgumentList` #9

Closed FelixSchwarz closed 1 month ago

FelixSchwarz commented 1 month ago

The problem should be obvious, please let me know if I should explain this in more detail: https://github.com/AECX/FinTube/blob/fcabbf851ab39f3f9a15531e9747c7ea27352cd0/Jellyfin.Plugin.FinTube/Api/FinTubeActivityController.cs#L140C21-L140C25

AECX commented 1 month ago

Ikr, tbh I didn't bother since the server admin is responsible for their server and users cannot use the plugin API anyway. Feel free to PR the issue

FelixSchwarz commented 1 month ago

Well, the import will break if a YouTube video contains a double quote in the title or similar things. I am not too concerned about security even though it might be possible to get some remote code execution once you trick a Jellyfin admin to import a certain YouTube video, but then I don't know anything about the code.

However let's leave it at that, I'm not using FinTube right now.
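Added example (not FinTube's code, and not posted by either participant) showing the two patterns the issue contrasts: a `ProcessStartInfo.Arguments` string assembled by concatenation around a video title, beside the same call built with `ProcessStartInfo.ArgumentList`. The downloader binary is replaced by `/usr/bin/printf '%s\n'` (an assumption for Linux/macOS) so the child process echoes back exactly which arguments it received; the title is a constructed value containing a double quote, the case the comment above describes.

```csharp
// Added example, not FinTube's code. Assumes a Unix-like host with /usr/bin/printf.
using System;
using System.Diagnostics;

static class ArgumentQuotingDemo
{
    // Hypothetical stand-in for the download tool: printf '%s\n' prints each
    // argument it received on its own line, which makes the argv split visible.
    const string Tool = "/usr/bin/printf";

    // Unsafe pattern: the title is spliced into a single command-line string and
    // relies on hand-written double quotes. A title containing '"' ends the quoted
    // region early, so the child process sees a mangled or split argument.
    static ProcessStartInfo UnsafeStartInfo(string title)
    {
        return new ProcessStartInfo(Tool)
        {
            Arguments = "%s\\n -o \"" + title + ".mp4\"",
            RedirectStandardOutput = true,
            UseShellExecute = false,
        };
    }

    // Hardened pattern: each argument is added as its own element and the runtime
    // applies the platform's quoting rules, so the title reaches the tool verbatim.
    static ProcessStartInfo SafeStartInfo(string title)
    {
        var psi = new ProcessStartInfo(Tool)
        {
            RedirectStandardOutput = true,
            UseShellExecute = false,
        };
        psi.ArgumentList.Add("%s\\n");
        psi.ArgumentList.Add("-o");
        psi.ArgumentList.Add(title + ".mp4");
        return psi;
    }

    // Starts the process and returns what it printed (one received argument per line).
    static string Run(ProcessStartInfo psi)
    {
        using var process = Process.Start(psi)!;
        string output = process.StandardOutput.ReadToEnd();
        process.WaitForExit();
        return output;
    }

    static void Main()
    {
        // Constructed title with an embedded double quote.
        string title = "My \"quoted\" video";

        Console.WriteLine("--- Arguments (string concatenation) ---");
        Console.WriteLine(Run(UnsafeStartInfo(title)));

        Console.WriteLine("--- ArgumentList ---");
        Console.WriteLine(Run(SafeStartInfo(title)));
    }
}
```

Running this shows the concatenated form handing the tool an output name with the inner quotes stripped or the title split across arguments, while the `ArgumentList` form delivers `My "quoted" video.mp4` intact. Because `ArgumentList` never round-trips through a shell or a hand-built string, there is no quoting rule for a title to break, which is why it is the safe replacement for the `Arguments` usage the issue points at.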