From b30511af92c7d254aa81a0594e55fdae97b5bcfe Mon Sep 17 00:00:00 2001
From: Ashley //// <iamashley@duck.com>
Date: Thu, 11 Apr 2024 08:21:04 +0000
Subject: [PATCH] use escapeHtml

---
 html/poketube.ejs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/poketube.ejs b/html/poketube.ejs
index 1ef47051..97db4c6f 100644
--- a/html/poketube.ejs
+++ b/html/poketube.ejs
@@ -1604,7 +1604,7 @@ WIP!                                                 </a>
                                             <% } %>
                         </h5>
                         <p class="comment" style="font-weight:700">
-                            <%- x.content %><br><br>
+                            <%- escapeHtml(x.content) %><br><br>
                                 <% if (x.like_count === 0) { %><i class="fa-light fa-thumbs-up"></i> | <i class="fa-light fa-thumbs-down"></i>
                                     <% } else { %><i class="fa-light fa-thumbs-up"></i>
                                         <%= x.like_count %> | <i class="fa-light fa-thumbs-down"></i>