iv-org / invidious

Invidious is an alternative front-end to YouTube
https://invidious.io
GNU Affero General Public License v3.0

HTML: Fix XSS vulnerability in description/comments #4852

Closed SamantazFox closed 1 month ago

SamantazFox commented 1 month ago

Before this PR, the comment/description content was not HTML-escaped when parse_description was called with a JSON object that was lacking the "commandRuns" entry.

Closes #4727
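The failure mode described in the PR, as an added example that is not Invidious' own code: a simplified model of a YouTube "attributed description" object (a "content" string plus an optional "commandRuns" array marking link ranges; this shape, and the field names used to read the link URL, are assumptions), rendered once the vulnerable way and once the fixed way. Written in Ruby, which is syntactically close to Crystal, so it runs stand-alone; the sample descriptions are constructed for the example. In the vulnerable version the link-aware path escapes every text fragment, but the fallback taken when "commandRuns" is missing returns the raw content, so a description consisting of markup lands in the page unescaped.

```ruby
require "cgi"
require "json"

# Escape a text fragment for inclusion in HTML element content/attributes.
def html_escape(s)
  CGI.escapeHTML(s.to_s)
end

# Render content with link ranges: every plain text fragment and every
# link text/URL goes through html_escape. (Assumed field layout:
# startIndex/length plus onTap.innertubeCommand.urlEndpoint.url.)
def render_runs(content, runs)
  html = +""
  pos = 0
  runs.sort_by { |r| r["startIndex"] }.each do |run|
    start = run["startIndex"]
    len = run["length"]
    html << html_escape(content[pos...start])
    url = run.dig("onTap", "innertubeCommand", "urlEndpoint", "url")
    text = content[start, len]
    html << %(<a href="#{html_escape(url)}">#{html_escape(text)}</a>)
    pos = start + len
  end
  html << html_escape(content[pos..])
  html
end

# Vulnerable shape: the fallback for a missing "commandRuns" entry returns
# the raw content, so it is never escaped.
def parse_description_vulnerable(desc)
  content = desc["content"].to_s
  runs = desc["commandRuns"]
  return content if runs.nil? # BUG: unescaped fallback path
  render_runs(content, runs)
end

# Fixed shape: a missing "commandRuns" entry is treated as "no links",
# and the content still goes through the escaping renderer.
def parse_description_fixed(desc)
  content = desc["content"].to_s
  runs = desc["commandRuns"] || []
  render_runs(content, runs)
end

# Constructed sample input: a description with one link range.
SAMPLE_WITH_RUNS = JSON.parse(<<~'JSON')
  {
    "content": "Visit example.com now",
    "commandRuns": [
      {
        "startIndex": 6,
        "length": 11,
        "onTap": {
          "innertubeCommand": {
            "urlEndpoint": { "url": "https://example.com" }
          }
        }
      }
    ]
  }
JSON

# Constructed sample input: no "commandRuns" entry, content is markup.
SAMPLE_NO_RUNS = JSON.parse(<<~'JSON')
  { "content": "<img src=x onerror=alert(1)>" }
JSON

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable, no runs: #{parse_description_vulnerable(SAMPLE_NO_RUNS)}"
  puts "fixed, no runs:      #{parse_description_fixed(SAMPLE_NO_RUNS)}"
  puts "fixed, with runs:    #{parse_description_fixed(SAMPLE_WITH_RUNS)}"
end
```

The check a reviewer wants on a fix like this is that both code paths agree on escaping: feed a payload made only of markup through the path that lacks "commandRuns" and confirm that the output contains no unescaped `<`; the link path already did this, so the regression was confined to the fallback.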