lib/parliament/utils/services/markdown_converter.rb in parliament-utils-0.8.0 vs lib/parliament/utils/services/markdown_converter.rb in parliament-utils-0.8.1

- old
+ new

@@ -36,16 +36,17 @@
 # Add video ID
 url << "/#{uri.path.split('/').last}?"
 # Add original query if present, and not an empty string
 url << "#{uri.query}&" if uri.query&.size
 # Add player options
- url << 'audioOnly=False&amp;autoStart=False&amp;statsEnabled=False'
+ url << 'audioOnly=False&autoStart=False&statsEnabled=False'
 end
+ # Escape special characters in HTML
+ video_url = CGI.escapeHTML(video_url)
+
 # Return the video player
- %(<div class="video-wrap">
-<iframe src="#{video_url}" name="UKPPlayer" title="UK Parliament Player" seamless="seamless" frameborder="0" allowfullscreen style="width: 100%; height: 100%"></iframe>
-</div>)
+ %(<div class="video-wrap"><iframe src="#{video_url}" name="UKPPlayer" title="UK Parliament Player" seamless="seamless" frameborder="0" allowfullscreen style="width: 100%; height: 100%"></iframe></div>)
 end
 end
 end
 end
 end
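Review bot: `CGI.escapeHTML(video_url)` keeps the value from breaking out of the `src` attribute, but it does not constrain which URL ends up framed; any scheme and host checks sit outside this hunk, so confirm the method rejects anything other than an `https` URL on the expected player host before it reaches this line. The original query string is still appended verbatim at `url << "#{uri.query}&"`, so caller-supplied parameters come before the fixed player options and may take precedence over them, depending on how the player handles duplicates (not visible here). The guard `if uri.query&.size` does not do what its comment says, because `0` is truthy in Ruby and an empty query still appends a bare `&`; `unless uri.query.to_s.empty?` would match the comment. The hunk shows no `require 'cgi'`, so check that it is loaded in this file rather than relying on another library to pull it in.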