correctly escape titles subtitles and excerpts in all contexts; fixes #856

2021-10-10 06:20:54 +00:00 · 2021-10-10 06:20:54 +00:00 · 505305ebe7
commit 505305ebe7
parent 24e182b90e
10 changed files with 23 additions and 22 deletions
--- a/_layouts/post.html
+++ b/_layouts/post.html
@ -67,12 +67,12 @@ layout: base
      <ul class="pagination blog-pager">
        {% if page.previous.url %}
        <li class="page-item previous">
-          <a class="page-link" href="{{ page.previous.url | relative_url }}" data-toggle="tooltip" data-placement="top" title="{{page.previous.title}}">&larr; Previous Post</a>
+          <a class="page-link" href="{{ page.previous.url | relative_url }}" data-toggle="tooltip" data-placement="top" title="{{page.previous.title | strip_html | xml_escape}}">&larr; Previous Post</a>
        </li>
        {% endif %}
        {% if page.next.url %}
        <li class="page-item next">
-          <a class="page-link" href="{{ page.next.url | relative_url }}" data-toggle="tooltip" data-placement="top" title="{{page.next.title}}">Next Post &rarr;</a>
+          <a class="page-link" href="{{ page.next.url | relative_url }}" data-toggle="tooltip" data-placement="top" title="{{page.next.title | strip_html | xml_escape}}">Next Post &rarr;</a>
        </li>
        {% endif %}
      </ul>