Commit 6f47a30
committed
security: add client-side input validation to youtube HTML pages
Add a defense-in-depth validation layer to both public/youtube.html and
public/youtube_meta.html. Previously, parameters read from the URL hash
were passed directly to the YouTube IFrame API without any client-side
checks, relying solely on the upstream Lua layer for sanitization.1 parent b3c9969 commit 6f47a30
2 files changed
Lines changed: 10 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
75 | 75 | | |
76 | 76 | | |
77 | 77 | | |
78 | | - | |
79 | | - | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
80 | 84 | | |
81 | 85 | | |
82 | 86 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
74 | 74 | | |
75 | 75 | | |
76 | 76 | | |
77 | | - | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
78 | 81 | | |
79 | 82 | | |
80 | 83 | | |
| |||
0 commit comments