correctly escape titles subtitles and excerpts in all contexts; fixes #856

2021-10-10 06:20:54 +00:00 · 2021-10-10 06:20:54 +00:00 · 505305ebe7
commit 505305ebe7
parent 24e182b90e
10 changed files with 23 additions and 22 deletions
--- a/_includes/header.html
+++ b/_includes/header.html
@ -27,13 +27,13 @@
    <div class="row">
      <div class="col-xl-8 offset-xl-2 col-lg-10 offset-lg-1">
        <div class="{{ include.type }}-heading">
-          <h1>{% if page.title %}{{ page.title }}{% else %}<br/>{% endif %}</h1>
+          <h1>{% if page.title %}{{ page.title | strip_html }}{% else %}<br/>{% endif %}</h1>
          {% if page.subtitle %}
            {% if include.type == "page" %}
              <hr class="small">
-              <span class="{{ include.type }}-subheading">{{ page.subtitle }}</span>
+              <span class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</span>
            {% else %}
-              <h2 class="{{ include.type }}-subheading">{{ page.subtitle }}</h2>
+              <h2 class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</h2>
            {% endif %}
          {% endif %}

@ -61,13 +61,13 @@
    <div class="row">
      <div class="col-xl-8 offset-xl-2 col-lg-10 offset-lg-1">
        <div class="{{ include.type }}-heading">
-          <h1>{% if page.title %}{{ page.title }}{% else %}<br/>{% endif %}</h1>
+          <h1>{% if page.title %}{{ page.title | strip_html }}{% else %}<br/>{% endif %}</h1>
          {% if page.subtitle %}
            {% if include.type == "page" %}
              <hr class="small">
-              <span class="{{ include.type }}-subheading">{{ page.subtitle }}</span>
+              <span class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</span>
            {% else %}
-              <h2 class="{{ include.type }}-subheading">{{ page.subtitle }}</h2>
+              <h2 class="{{ include.type }}-subheading">{{ page.subtitle | strip_html }}</h2>
            {% endif %}
          {% endif %}