From 659657b62d5f81a3d9acd6af48fa4f48ad4132fd Mon Sep 17 00:00:00 2001
From: Felix Oswald <52625423+felixoswald@users.noreply.github.com>
Date: Sat, 19 Mar 2022 11:26:03 +0100
Subject: [PATCH] escaped ExternalUrls with escapeHtml()

---
 src/controllers/itemDetails/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/controllers/itemDetails/index.js b/src/controllers/itemDetails/index.js
index 4cb329b2e4..9e90345841 100644
--- a/src/controllers/itemDetails/index.js
+++ b/src/controllers/itemDetails/index.js
@@ -747,7 +747,7 @@ function renderLinks(page, item) {
 
     if (item.ExternalUrls) {
         for (const url of item.ExternalUrls) {
-            links.push(`<a is="emby-linkbutton" class="button-link" href="${url.Url}" target="_blank">${url.Name}</a>`);
+            links.push(`<a is="emby-linkbutton" class="button-link" href="${url.Url}" target="_blank">${escapeHtml(url.Name)}</a>`);
         }
     }