diff --git a/packages/content-fetch/youtube-handler.js b/packages/content-fetch/youtube-handler.js index 179e4614f..cdf9bee32 100644 --- a/packages/content-fetch/youtube-handler.js +++ b/packages/content-fetch/youtube-handler.js @@ -5,6 +5,7 @@ /* eslint-disable @typescript-eslint/no-require-imports */ require('dotenv').config(); const axios = require('axios'); +const _ = require('underscore'); const YOUTUBE_URL_MATCH = /^((?:https?:)?\/\/)?((?:www|m)\.)?((?:youtube\.com|youtu.be))(\/(?:[\w-]+\?v=|embed\/|v\/)?)([\w-]+)(\S+)?$/ @@ -36,11 +37,12 @@ exports.youtubeHandler = { const oembedUrl = `https://www.youtube.com/oembed?format=json&url=` + encodeURIComponent(`https://www.youtube.com/watch?v=${videoId}`) const oembed = (await axios.get(oembedUrl.toString())).data; - const title = oembed.title; + const title = _.escape(oembed.title); const ratio = oembed.width / oembed.height; const thumbnail = oembed.thumbnail_url; const height = 350; const width = height * ratio; + const authorName = _.escape(oembed.author_name); const content = ` @@ -49,12 +51,12 @@ exports.youtubeHandler = { - +
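Review bot: In the second hunk (`@@ -36,11 +37,12 @@`), `thumbnail` is still assigned `oembed.thumbnail_url` unescaped, although it comes from the same oEmbed response as the `title` and `author_name` values that are now passed through `_.escape`. The `content` template that consumes these values is not readable in this diff, so whether `thumbnail` (or any other `oembed` field) is interpolated there is an assumption to confirm; if it is, give it the same treatment with `const thumbnail = _.escape(oembed.thumbnail_url);`. `_.escape` only entity-encodes HTML metacharacters, which is adequate for text nodes and quoted attribute values but does not validate a URL's scheme, so any response field placed in an `href` or `src` should also be checked to be an `https:` URL. A short comment above the escaped constants, such as `// oEmbed fields are remote data; escape before interpolating into HTML`, would record why the calls are there. The enclosing `youtubeHandler` method starts and ends outside the hunk.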
- +