[Bug] Sanitize input from YouTube Search term

[Elendil211]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

The symbols " and ' appear to not be properly escaped when put into the input field. There might also be others. This leads to crashes, and weird behavior. Escaping the symbols with \ leads to the expected behavior.

It might also be possible to use this for code execution, which could be a security issue if there is a malicious title on Spotify.

Expected Behavior

The search term should be forwarded to youtube in the exact same form as it was put into the field.

Steps To Reproduce

Try to use $MAIN_ARTIST $TITLE $FEATURED_ARTISTS, description:"Auto-generated by YouTube." as search term. The app crashes. Try $MAIN_ARTIST $TITLE $FEATURED_ARTISTS, description:\"Auto-generated by YouTube.\", and the results are very good. (I would also suggest to use this search term by default. It makes the search use YouTube music if possible, which dramatically improves the quality of the results. #32)

Spotube Version

2.5.0

Operating System

Linux

Linux Distribution (if applicable)

Arch Linux

Operating System Version

rolling

Installation Source

Flathub (Flatpak)

Additional information

Also affects Android.

[KRTirtho]

This feature has been removed in favor of "Alternative Track Source Selection"

[KRTirtho]

Available in the latest nightly. And will be released in stable soon