yttt/yamatotoma.to
2
0
Fork 0
Code Pull requests Activity Actions

correctly escape titles subtitles and excerpts in all contexts; fixes #856

Browse source
This commit is contained in:
Dean Attali 2021-10-10 06:20:54 +00:00
parent 24e182b90e
commit 505305ebe7
10 changed files with 23 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

12
_includes/header.html
View file

@ -27,13 +27,13 @@
<div class="row">
<div class="col-xl-8 offset-xl-2 col-lg-10 offset-lg-1">
<div class="{{ include.type }}-heading">
<h1>{% if page.title %}{{ page.title }}{% else %}<br/>{% endif %}</h1>
<h1>{% if page.title %}{{ page.title | strip_html }}{% else %}<br/>{% endif %}</h1>
{% if page.subtitle %}
{% if include.type == "page" %}
<hr class="small">
<span class="{{ include.type }}-subheading">{{ page.subtitle }}</span>
<span class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</span>
{% else %}
<h2 class="{{ include.type }}-subheading">{{ page.subtitle }}</h2>
<h2 class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</h2>
{% endif %}
{% endif %}
@ -61,13 +61,13 @@
<div class="row">
<div class="col-xl-8 offset-xl-2 col-lg-10 offset-lg-1">
<div class="{{ include.type }}-heading">
<h1>{% if page.title %}{{ page.title }}{% else %}<br/>{% endif %}</h1>
<h1>{% if page.title %}{{ page.title | strip_html }}{% else %}<br/>{% endif %}</h1>
{% if page.subtitle %}
{% if include.type == "page" %}
<hr class="small">
<span class="{{ include.type }}-subheading">{{ page.subtitle }}</span>
<span class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</span>
{% else %}
<h2 class="{{ include.type }}-subheading">{{ page.subtitle }}</h2>
<h2 class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</h2>
{% endif %}
{% endif %}

4
_includes/search.html
View file

@ -11,7 +11,7 @@
var searchjson = '[ \
{% for post in site.posts %} \
{ \
"title" : "{% if post.title != "" %}{{ post.title | escape }}{% else %}{{ post.excerpt | strip_html | escape | strip }}{%endif%}", \
"title" : "{% if post.title != "" %}{{ post.title | strip_html | escape }}{% else %}{{ post.excerpt | strip_html | escape | strip }}{%endif%}", \
"category" : "{{ post.tags | join: \', \' }}", \
"url" : "{{ site.baseurl }}{{ post.url }}", \
"date" : "{{ post.date | date: "%B %e, %Y" | default: "January 1, 1970" }}" \
@ -19,7 +19,7 @@
{% endfor %} \
{% for page in site.html_pages %}{% if page.title != "{title}" and page.title != "404 - Page not found" %} \
{ \
"title" : "{% if page.title != "" %}{{ page.title | escape }}{% else %}{{ page.excerpt | strip_html | escape | strip }}{% endif %}", \
"title" : "{% if page.title != "" %}{{ page.title | strip_html | escape }}{% else %}{{ page.excerpt | strip_html | escape | strip }}{% endif %}", \
"category" : "{% if page.tags %}{{ page.tags | join: \', \' }}{% else %}page{% endif %}", \
"url" : "{{ site.baseurl }}{{ page.url }}", \
"date" : "{{ page.date | date: '%B %e, %Y' | default: "January 1, 1970" }}" \

2
_includes/social-share.html
View file

@ -11,7 +11,7 @@
<span class="sr-only">Share: </span>
{% if site.share-links-active.twitter %}
<a href="https://twitter.com/intent/tweet?text={{ page.title | url_encode }}&url={{ page.url | absolute_url | url_encode }}"
<a href="https://twitter.com/intent/tweet?text={{ page.title | strip_html | url_encode }}&url={{ page.url | absolute_url | url_encode }}"
class="btn btn-social-icon btn-twitter" title="Share on Twitter">
<span class="fab fa-fw fa-twitter" aria-hidden="true"></span>
<span class="sr-only">Twitter</span>