From 94a7643ebc62082034abfd6d35e19b4cda140e0f Mon Sep 17 00:00:00 2001 From: drigato Date: Wed, 8 Apr 2015 15:00:02 -0400 Subject: [PATCH] Escape stream urls in the player js --- .../application/views/scripts/player/index.phtml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/airtime_mvc/application/views/scripts/player/index.phtml b/airtime_mvc/application/views/scripts/player/index.phtml index f079a4564..3f198e642 100644 --- a/airtime_mvc/application/views/scripts/player/index.phtml +++ b/airtime_mvc/application/views/scripts/player/index.phtml @@ -35,20 +35,21 @@ }; if (this.playerMode == "manual") { - this.settings.url = "streamURL ?>"; + this.settings.url = htmlEscape("streamURL ?>"); this.settings.codec = "codec ?>"; } else if (this.playerMode == "auto") { this.availableMobileStreamQueue = availableMobileStreams?>; this.availableDesktopStreamQueue = availableDesktopStreams?>; var stream = this.getNextAvailableStream(); - this.settings.url = stream["url"]; + this.settings.url = htmlEscape(stream["url"]); this.settings.codec = stream["codec"]; } // Create the Muses player object MRP.insert(this.settings); - $("p.station_name").html(htmlEscape("station_name?>")); + var station_name = htmlEscape("station_name?>"); + $("p.station_name").html(station_name); attachStreamMetadataToPlayer(); @@ -132,7 +133,6 @@ }; MusesPlayer.prototype.setURL = function(url) { - console.log("setURL"); MRP.setUrl(url); }; @@ -143,7 +143,7 @@ // connection limit reached or problem connecting to stream if (value === "0") { var stream = musesPlayer.getNextAvailableStream(); - musesPlayer.setURL(stream["url"]); + musesPlayer.setURL(htmlEscape(stream["url"])); musesPlayer.play(); } }