fix: Escape href and src URIs
This commit is contained in:
parent
b7ee6159e8
commit
5078b3ec07
2 changed files with 3 additions and 3 deletions
|
@ -27,7 +27,7 @@
|
||||||
<div class="carousel-inner">
|
<div class="carousel-inner">
|
||||||
<%= for {img, i} <- Enum.with_index(media.images) do %>
|
<%= for {img, i} <- Enum.with_index(media.images) do %>
|
||||||
<div class="carousel-item <%= if i == 0, do: "active" %>">
|
<div class="carousel-item <%= if i == 0, do: "active" %>">
|
||||||
<img src="<%= img %>" class="d-block w-100">
|
<img src="<%= URI.encode(img) %>" class="d-block w-100">
|
||||||
</div>
|
</div>
|
||||||
<% end %>
|
<% end %>
|
||||||
</div>
|
</div>
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<%= for video <- media.videos do %>
|
<%= for video <- media.videos do %>
|
||||||
<video controls>
|
<video controls>
|
||||||
<source src="<%= video %>" type="video/mp4">
|
<source src="<%= URI.encode(video) %>" type="video/mp4">
|
||||||
</video>
|
</video>
|
||||||
<% end %>
|
<% end %>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
<%= for post <- posts do %>
|
<%= for post <- posts do %>
|
||||||
<div class="card">
|
<div class="card">
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= post.filename %>"><%= post.title %></a></h5>
|
<h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= URI.encode(post.filename) %>"><%= post.title %></a></h5>
|
||||||
<h6 class="card-subtitle mb-2 text-body-secondary">
|
<h6 class="card-subtitle mb-2 text-body-secondary">
|
||||||
<%= post.num_comments %> comment(s) - <%= trunc(post.created_utc) |> DateTime.from_unix!() |> DateTime.to_iso8601() %>
|
<%= post.num_comments %> comment(s) - <%= trunc(post.created_utc) |> DateTime.from_unix!() |> DateTime.to_iso8601() %>
|
||||||
</h6>
|
</h6>
|
||||||
|
|
Reference in a new issue