fix: Escape href and src URIs

Daniel Kempkens 2023-05-18 12:52:47 +02:00
parent b7ee6159e8
commit 5078b3ec07
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
2 changed files with 3 additions and 3 deletions


@ -27,7 +27,7 @@
<div class="carousel-inner">
<%= for {img, i} <- Enum.with_index(media.images) do %>
<div class="carousel-item <%= if i == 0, do: "active" %>">
<img src="<%= img %>" class="d-block w-100">
<img src="<%= URI.encode(img) %>" class="d-block w-100">
</div>
<% end %>
</div>
@ -48,7 +48,7 @@
<div class="row">
<%= for video <- media.videos do %>
<video controls>
<source src="<%= video %>" type="video/mp4">
<source src="<%= URI.encode(video) %>" type="video/mp4">
</video>
<% end %>
</div>
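Review bot: `URI.encode/1` with its default predicate leaves every reserved character (`?`, `#`, `&`, `'`, `/`) unescaped and re-encodes `%`, so on the `<img src>` line and on the `<source src>` line of the second hunk the outcome depends on what `media.images` and `media.videos` hold, which is not visible here. If they are bare file names, a name containing `#` or `?` is still cut off by the browser, and `URI.encode(img, &URI.char_unreserved?/1)` would encode the whole segment; the same applies to `post.filename` in the `href` of the second file. If they are full URLs that are already percent-encoded, this change turns `%20` into `%2520`. Percent-encoding is also not HTML attribute escaping, so unless the template engine escapes `<%= %>` output, `&` and `'` reach the attribute unchanged.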


@ -19,7 +19,7 @@
<%= for post <- posts do %>
<div class="card">
<div class="card-body">
<h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= post.filename %>"><%= post.title %></a></h5>
<h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= URI.encode(post.filename) %>"><%= post.title %></a></h5>
<h6 class="card-subtitle mb-2 text-body-secondary">
<%= post.num_comments %> comment(s) - <%= trunc(post.created_utc) |> DateTime.from_unix!() |> DateTime.to_iso8601() %>
</h6>
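Review bot: The `href` on the card title still interpolates `subreddit` and `date` without any encoding, so only the last of the three path segments is covered by this change. Where those two values come from is not visible in the hunk; if either is derived from a directory name or a request parameter it needs the same treatment, for example `/r/<%= URI.encode(subreddit, &URI.char_unreserved?/1) %>/…`. The enclosing `for post <- posts` block ends outside the hunk.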