From 6522521b88b2bbf7dd528d0b84fd2441831378a9 Mon Sep 17 00:00:00 2001
From: ChunkyProgrammer <78101139+ChunkyProgrammer@users.noreply.github.com>
Date: Wed, 21 Jul 2021 10:37:55 -0400
Subject: [PATCH] Escape HTML in chat & comments (#1342)

* Fix comment regex & live chat

* fix regex
---
 .../watch-video-comments/watch-video-comments.js          | 6 +++---
 .../watch-video-live-chat/watch-video-live-chat.js        | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/renderer/components/watch-video-comments/watch-video-comments.js b/src/renderer/components/watch-video-comments/watch-video-comments.js
index b4e46886..efbe9c9e 100644
--- a/src/renderer/components/watch-video-comments/watch-video-comments.js
+++ b/src/renderer/components/watch-video-comments/watch-video-comments.js
@@ -250,7 +250,7 @@ export default Vue.extend({
         if (this.hideCommentLikes) {
           comment.likes = null
         }
-        comment.text = autolinker.link(comment.text)
+        comment.text = autolinker.link(comment.text.replace(/(<([^>]+)>)/ig, ''))
 
         return comment
       })
@@ -282,7 +282,7 @@ export default Vue.extend({
           } else {
             comment.likes = comment.likeCount
           }
-          comment.text = autolinker.link(comment.content)
+          comment.text = autolinker.link(comment.content.replace(/(<([^>]+)>)/ig, ''))
           comment.dataType = 'invidious'
 
           if (typeof (comment.replies) !== 'undefined' && typeof (comment.replies.replyCount) !== 'undefined') {
@@ -348,7 +348,7 @@ export default Vue.extend({
           } else {
             comment.likes = comment.likeCount
           }
-          comment.text = autolinker.link(comment.content)
+          comment.text = autolinker.link(comment.content.replace(/(<([^>]+)>)/ig, ''))
           comment.time = comment.publishedText
           comment.dataType = 'invidious'
           comment.numReplies = 0
diff --git a/src/renderer/components/watch-video-live-chat/watch-video-live-chat.js b/src/renderer/components/watch-video-live-chat/watch-video-live-chat.js
index 1b74d467..ea72b7f5 100644
--- a/src/renderer/components/watch-video-live-chat/watch-video-live-chat.js
+++ b/src/renderer/components/watch-video-live-chat/watch-video-live-chat.js
@@ -157,15 +157,15 @@ export default Vue.extend({
         if (typeof (text.navigationEndpoint) !== 'undefined') {
           if (typeof (text.navigationEndpoint.watchEndpoint) !== 'undefined') {
             const htmlRef = `<a href="https://www.youtube.com/watch?v=${text.navigationEndpoint.watchEndpoint.videoId}">${text.text}</a>`
-            comment.messageHtml = comment.messageHtml + htmlRef
+            comment.messageHtml = comment.messageHtml.replace(/(<([^>]+)>)/ig, '') + htmlRef
           } else {
-            comment.messageHtml = comment.messageHtml + text.text
+            comment.messageHtml = (comment.messageHtml + text.text).replace(/(<([^>]+)>)/ig, '')
           }
         } else if (typeof (text.alt) !== 'undefined') {
           const htmlImg = `<img src="${text.url}" alt="${text.alt}" height="24" width="24" />`
-          comment.messageHtml = comment.messageHtml + htmlImg
+          comment.messageHtml = comment.messageHtml.replace(/(<([^>]+)>)/ig, '') + htmlImg
         } else {
-          comment.messageHtml = comment.messageHtml + text.text
+          comment.messageHtml = (comment.messageHtml + text.text).replace(/(<([^>]+)>)/ig, '')
         }
       })