From 505305ebe7c1f1e8a2b11cdd6582619fd5f745ab Mon Sep 17 00:00:00 2001
From: Dean Attali
Date: Sun, 10 Oct 2021 06:20:54 +0000
Subject: [PATCH] correctly escape titles subtitles and excerpts in all contexts; fixes #856
---
CHANGELOG.md | 1 +
_includes/header.html | 12 ++++++------
_includes/search.html | 4 ++--
_includes/social-share.html | 2 +-
_layouts/home.html | 6 +++---
_layouts/post.html | 4 ++--
_posts/2020-02-26-flake-it-till-you-make-it.md | 6 +++---
_posts/2020-02-28-test-markdown.md | 4 ++--
feed.xml | 4 ++--
tags.html | 2 +-
10 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90b6b9b..b853162 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@ ## Unreleased version - Added `post_search` config setting that creates a Search button in the navbar (older websites need to set `post_search: true` to enable this feature) (#770) +- Fixed page titles, subtitles, and excerpts rendering correctly when there are special characeters in them (#856) - Slightly reworked margins and position for avatar image to resolve an alignment issue on Safari. - Changed the width at which the navbar collapses to a higher threshold because most modern non-mobile browsers are >1000px - Fixed bug where navbar secondary level dropdown items didn't inherit the same colour as the primary navbar links
diff --git a/_includes/header.html b/_includes/header.html
index 4c299b6..aa35a7a 100644
--- a/_includes/header.html
+++ b/_includes/header.html
@@ -27,13 +27,13 @@
-

{% if page.title %}{{ page.title }}{% else %}
{% endif %}

+

{% if page.title %}{{ page.title | strip_html }}{% else %}
{% endif %}

{% if page.subtitle %} {% if include.type == "page" %}
- {{ page.subtitle }} + {{ page.subtitle | strip_html }} {% else %} -

{{ page.subtitle }}

+

{{ page.subtitle | strip_html }}

{% endif %} {% endif %}
@@ -61,13 +61,13 @@
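Review bot: `strip_html` on its own is not an output encoder: in both header.html hunks `{{ page.title | strip_html }}` and `{{ page.subtitle | strip_html }}` drop complete tags but leave `&`, quotes and an unterminated `<` unchanged, so those characters still reach the markup unencoded. The search.html and feed.xml hunks in this commit already chain an encoder after it (`strip_html | escape`, `strip_html | xml_escape`); for consistency these sinks would read `{{ page.title | strip_html | escape }}`. The same applies to `post.title` and `post.subtitle` in the first home.html hunk and to `post.title` in tags.html. If titles are meant to carry pre-encoded entities, a Liquid comment saying so would explain the omission; the surrounding tags are not visible in this hunk, so the exact output context cannot be confirmed from here.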
-

{% if page.title %}{{ page.title }}{% else %}
{% endif %}

+

{% if page.title %}{{ page.title | strip_html }}{% else %}
{% endif %}

{% if page.subtitle %} {% if include.type == "page" %}
- {{ page.subtitle }} + {{ page.subtitle | strip_html }} {% else %} -

{{ page.subtitle }}

+

{{ page.subtitle | strip_html }}

{% endif %} {% endif %}
diff --git a/_includes/search.html b/_includes/search.html
index 7924fd0..becf37b 100644
--- a/_includes/search.html
+++ b/_includes/search.html
@@ -11,7 +11,7 @@ var searchjson = '[ \ {% for post in site.posts %} \ { \ - "title" : "{% if post.title != "" %}{{ post.title | escape }}{% else %}{{ post.excerpt | strip_html | escape | strip }}{%endif%}", \ + "title" : "{% if post.title != "" %}{{ post.title | strip_html | escape }}{% else %}{{ post.excerpt | strip_html | escape | strip }}{%endif%}", \ "category" : "{{ post.tags | join: \', \' }}", \ "url" : "{{ site.baseurl }}{{ post.url }}", \ "date" : "{{ post.date | date: "%B %e, %Y" | default: "January 1, 1970" }}" \
@@ -19,7 +19,7 @@ {% endfor %} \ {% for page in site.html_pages %}{% if page.title != "{title}" and page.title != "404 - Page not found" %} \ { \ - "title" : "{% if page.title != "" %}{{ page.title | escape }}{% else %}{{ page.excerpt | strip_html | escape | strip }}{% endif %}", \ + "title" : "{% if page.title != "" %}{{ page.title | strip_html | escape }}{% else %}{{ page.excerpt | strip_html | escape | strip }}{% endif %}", \ "category" : "{% if page.tags %}{{ page.tags | join: \', \' }}{% else %}page{% endif %}", \ "url" : "{{ site.baseurl }}{{ page.url }}", \ "date" : "{{ page.date | date: '%B %e, %Y' | default: "January 1, 1970" }}" \
diff --git a/_includes/social-share.html b/_includes/social-share.html
index c04f445..4a7ca01 100644
--- a/_includes/social-share.html
+++ b/_includes/social-share.html
@@ -11,7 +11,7 @@ Share: {% if site.share-links-active.twitter %} - Twitter
diff --git a/_layouts/home.html b/_layouts/home.html
index c97b27f..806aa7c 100644
--- a/_layouts/home.html
+++ b/_layouts/home.html
@@ -35,11 +35,11 @@ layout: page {% endif %} -
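Review bot: The `"title"` values in both search.html hunks are written into a JSON string that itself sits inside the single-quoted JavaScript literal `var searchjson = '[ \`, and `strip_html | escape` is an HTML encoder, so it does not neutralise backslashes or line breaks for that context. The neighbouring `"category"` and `"url"` lines interpolate `post.tags`, `page.tags` and the URLs with no filter at all, so a quote or backslash in a tag can end the string early or make the index unparsable. Jekyll's `jsonify` filter is the encoder meant for this sink, e.g. `"title" : {{ post.title | strip_html | jsonify }},` with the array assigned directly instead of being wrapped in a quoted string. The code that consumes `searchjson` is outside these hunks, so it would have to change together with that.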

{{ post.title }}

+

{{ post.title | strip_html }}

{% if post.subtitle %}

- {{ post.subtitle }} + {{ post.subtitle | strip_html }}

{% endif %}
@@ -68,7 +68,7 @@ layout: page
{% assign excerpt_length = site.excerpt_length | default: 50 %} - {{ post.excerpt | strip_html | xml_escape | truncatewords: excerpt_length }} + {{ post.excerpt | strip_html | truncatewords: excerpt_length }} {% assign excerpt_word_count = post.excerpt | number_of_words %} {% if post.content != post.excerpt or excerpt_word_count > excerpt_length %} [Read More]
diff --git a/_layouts/post.html b/_layouts/post.html
index 5358515..70d5ee4 100644
--- a/_layouts/post.html
+++ b/_layouts/post.html
@@ -67,12 +67,12 @@ layout: base
diff --git a/_posts/2020-02-26-flake-it-till-you-make-it.md b/_posts/2020-02-26-flake-it-till-you-make-it.md
index b9b550a..e8679f4 100644
--- a/_posts/2020-02-26-flake-it-till-you-make-it.md
+++ b/_posts/2020-02-26-flake-it-till-you-make-it.md
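Review bot: Dropping `xml_escape` in the second home.html hunk leaves `strip_html` as the only filter between `post.excerpt` and the page, and nothing in the hunk records why that is safe. Presumably the excerpt is already entity-encoded by the Markdown renderer and the old filter double-escaped it; if so, a comment above the line such as `{% comment %} excerpt is rendered HTML with entities already encoded; strip_html only removes tags {% endcomment %}` would stop a later edit from copying the pattern onto raw front-matter values. feed.xml still applies `strip_html | xml_escape` to `post.content`, so the two outputs now treat the same kind of value differently, which is worth either aligning or explaining.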
@@ -1,14 +1,14 @@ --- layout: post -title: Flake it till you make it -subtitle: Excerpt from Soulshaping by Jeff Brown +title: "Flake it & un + he`AA`y BB : per g > % cent ' till y\"ou make it" +subtitle: "Excerpt from \"SoulITTTshaping by Jeff Brown" cover-img: /assets/img/path.jpg thumbnail-img: /assets/img/thumb.png share-img: /assets/img/path.jpg tags: [books, test] --- -Under what circumstances should we step off a path? When is it essential that we finish what we start? If I bought a bag of peanuts and had an allergic reaction, no one would fault me if I threw it out. If I ended a relationship with a woman who hit me, no one would say that I had a commitment problem. But if I walk away from a seemingly secure route because my soul has other ideas, I am a flake? +Under what & f < d > g + g : `g`y sg e % t ' c " circusmstances should we step off a path? When is it essential that we finish what we start? If I bought a bag of peanuts and had an allergic reaction, no one would fault me if I threw it out. If I ended a relationship with a woman who hit me, no one would say that I had a commitment problem. But if I walk away from a seemingly secure route because my soul has other ideas, I am a flake? The truth is that no one else can definitively know the path we are here to walk. It’s tempting to listen—many of us long for the omnipotent other—but unless they are genuine psychic intuitives, they can’t know. All others can know is their own truth, and if they’ve actually done the work to excavate it, they will have the good sense to know that they cannot genuinely know anyone else’s. Only soul knows the path it is here to walk. Since you are the only one living in your temple, only you can know its scriptures and interpretive structure. diff --git a/_posts/2020-02-28-test-markdown.md b/_posts/2020-02-28-test-markdown.md index 4ac869f..5c22376 100644 --- a/_posts/2020-02-28-test-markdown.md +++ b/_posts/2020-02-28-test-markdown.md 
@@ -1,7 +1,7 @@ --- layout: post -title: Sample blog post -subtitle: Each post also has a subtitle +title: Sample blog fdspost +subtitle: Each post alITALso has a subtitle gh-repo: daattali/beautiful-jekyll gh-badge: [star, fork, follow] tags: [test]
diff --git a/feed.xml b/feed.xml
index 57f7ad5..6148cf1 100644
--- a/feed.xml
+++ b/feed.xml
@@ -15,9 +15,9 @@ layout: null {% assign excerpt_length = site.excerpt_length | default: 50 %} {% for post in site.posts limit:20 %} - {{ post.title | xml_escape }} + {{ post.title | strip_html | xml_escape }} - {% if post.subtitle %}{{ post.subtitle | xml_escape }} - {% endif %} + {% if post.subtitle %}{{ post.subtitle | strip_html | xml_escape }} - {% endif %} {{ post.content | strip_html | xml_escape | truncatewords: excerpt_length }} {{ post.date | date: "%a, %d %b %Y %H:%M:%S %z" }}
diff --git a/tags.html b/tags.html
index 04c1939..55a3c6d 100644
--- a/tags.html
+++ b/tags.html
@@ -25,7 +25,7 @@ title: 'Tag Index'
{%- for post in site.tags[tag] -%}
- {{- post.title -}} + {{- post.title | strip_html -}}