diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 38b165fb6..4331d546a 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -259,7 +259,7 @@ module ApplicationHelper while youtube = message.match(/youtube\.com::([A-Za-z0-9_\\\-]+)/) video_id = youtube[1] if youtube_maps && youtube_maps[video_id] - title = youtube_maps[video_id] + title = h(CGI::unescape(youtube_maps[video_id])) else title = I18n.t 'application.helper.video_title.unknown' end diff --git a/lib/youtube_titles.rb b/lib/youtube_titles.rb index 0e16e76cc..1ebe240ec 100644 --- a/lib/youtube_titles.rb +++ b/lib/youtube_titles.rb @@ -15,7 +15,7 @@ module YoutubeTitles return unless youtube_match video_id = youtube_match[1] unless self.youtube_titles[video_id] - self.youtube_titles[video_id] = youtube_title_for(video_id) + self.youtube_titles[video_id] = CGI::escape(youtube_title_for(video_id)) end end YOUTUBE_ID_REGEX = /youtube\.com.*?v=([A-Za-z0-9_\\\-]+)/ unless defined? YOUTUBE_ID_REGEX diff --git a/spec/models/comment_spec.rb b/spec/models/comment_spec.rb index 18af7b599..7d7e480f4 100644 --- a/spec/models/comment_spec.rb +++ b/spec/models/comment_spec.rb @@ -262,7 +262,7 @@ describe Comment do comment = user.build_comment url, :on => @message comment.save! - Comment.find(comment.id).youtube_titles.should == {video_id => expected_title} + Comment.find(comment.id).youtube_titles.should == {video_id => CGI::escape(expected_title)} end end end diff --git a/spec/models/status_message_spec.rb b/spec/models/status_message_spec.rb index ebc1e158e..dc203946e 100644 --- a/spec/models/status_message_spec.rb +++ b/spec/models/status_message_spec.rb @@ -100,7 +100,7 @@ describe StatusMessage do post = @user.build_post :status_message, :message => url, :to => @aspect.id post.save! - Post.find(post.id).youtube_titles.should == {video_id => expected_title} + Post.find(post.id).youtube_titles.should == {video_id => CGI::escape(expected_title)} end end