correctly escape titles subtitles and excerpts in all contexts; fixes #856

2021-10-10 06:20:54 +00:00 · 2021-10-10 06:20:54 +00:00 · 505305ebe7
commit 505305ebe7
parent 24e182b90e
10 changed files with 23 additions and 22 deletions
--- a/feed.xml
+++ b/feed.xml
@ -15,9 +15,9 @@ layout: null
    {% assign excerpt_length = site.excerpt_length | default: 50 %}
    {% for post in site.posts limit:20 %}
      <item>
-        <title>{{ post.title | xml_escape }}</title>
+        <title>{{ post.title | strip_html | xml_escape }}</title>
        <description>
-          {% if post.subtitle %}{{ post.subtitle | xml_escape }} - {% endif %}
+          {% if post.subtitle %}{{ post.subtitle | strip_html | xml_escape }} - {% endif %}
          {{ post.content | strip_html | xml_escape | truncatewords: excerpt_length }}
        </description>
        <pubDate>{{ post.date | date: "%a, %d %b %Y %H:%M:%S %z" }}</pubDate>