Fix for potential XSS attacks.

FireMasterK · FireMasterK · commit 01acf7943650 · 2022-12-31T20:05:32.000Z
diff --git a/extractor/src/main/java/org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java b/extractor/src/main/java/org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java
@@ -33,7 +33,7 @@
 import com.grack.nanojson.JsonParser;
 import com.grack.nanojson.JsonParserException;
 import com.grack.nanojson.JsonWriter;
-
+import org.jsoup.nodes.Entities;
 import org.schabi.newpipe.extractor.MetaInfo;
 import org.schabi.newpipe.extractor.downloader.Response;
 import org.schabi.newpipe.extractor.exceptions.AccountTerminatedException;
@@ -967,7 +967,7 @@ public static String getTextFromObject(final JsonObject textObject, final boolea
                     textBuilder.append("<s>");
                 }
 
-                textBuilder.append(text);
+                textBuilder.append(Entities.escape(text));
 
                 if (strikethrough) {
                     textBuilder.append("</s>");
