correctly escape titles subtitles and excerpts in all contexts; fixes #856
This commit is contained in:
Dean Attali
parent
24e182b90e
commit
505305ebe7
10 changed files with 23 additions and 22 deletions
|
|
@ -35,11 +35,11 @@ layout: page
|
|||
{% endif %}
|
||||
|
||||
<a href="{{ post.url | absolute_url }}">
|
||||
<h2 class="post-title">{{ post.title }}</h2>
|
||||
<h2 class="post-title">{{ post.title | strip_html }}</h2>
|
||||
|
||||
{% if post.subtitle %}
|
||||
<h3 class="post-subtitle">
|
||||
{{ post.subtitle }}
|
||||
{{ post.subtitle | strip_html }}
|
||||
</h3>
|
||||
{% endif %}
|
||||
</a>
|
||||
|
|
@ -68,7 +68,7 @@ layout: page
|
|||
|
||||
<div class="post-entry">
|
||||
{% assign excerpt_length = site.excerpt_length | default: 50 %}
|
||||
{{ post.excerpt | strip_html | xml_escape | truncatewords: excerpt_length }}
|
||||
{{ post.excerpt | strip_html | truncatewords: excerpt_length }}
|
||||
{% assign excerpt_word_count = post.excerpt | number_of_words %}
|
||||
{% if post.content != post.excerpt or excerpt_word_count > excerpt_length %}
|
||||
<a href="{{ post.url | absolute_url }}" class="post-read-more">[Read More]</a>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue