diff --git a/server/public/handle_shares.go b/server/public/handle_shares.go
index 7e24e3bae..9df89eba9 100644
--- a/server/public/handle_shares.go
+++ b/server/public/handle_shares.go
@@ -183,9 +183,11 @@ func (pub *Router) handleAPlayer(w http.ResponseWriter, r *http.Request) {
 
 	data := map[string]interface{}{
 		"ShareDescription": description,
-		"ShareInfo":        template.JS(shareInfoJSON),
-		"APlayerScript":    template.JS(scriptContent),
-		"BaseURL":          baseURL,
+		// #nosec G203 -- shareInfoJSON is generated by json.Marshal from server data, not user input
+		"ShareInfo": template.JS(shareInfoJSON),
+		// #nosec G203 -- scriptContent is from embedded resource file, not user input
+		"APlayerScript": template.JS(scriptContent),
+		"BaseURL":       baseURL,
 	}
 
 	// Render template