From 8b0fbf5a834276f273274e4d614edd71e339cbb0 Mon Sep 17 00:00:00 2001 From: PENEKhun Date: Wed, 28 Jun 2023 15:23:27 +0900 Subject: [PATCH] fix: missing xml escape for `alt` of preview image (#1113) Preview image display error when `alt` contains '<' or '>' Co-authored-by: Cotes Chung <11371340+cotes2020@users.noreply.github.com> --- _layouts/home.html | 2 +- _layouts/post.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/_layouts/home.html b/_layouts/home.html index fa2f58e..ccc08f2 100644 --- a/_layouts/home.html +++ b/_layouts/home.html @@ -63,7 +63,7 @@ refactor: true {% assign src = post.img_path | append: '/' | append: src | replace: '//', '/' %} {% endunless %} - {% assign alt = post.image.alt | default: 'Preview Image' %} + {% assign alt = post.image.alt | xml_escape | default: 'Preview Image' %} {{ alt }} {% endif %} diff --git a/_layouts/post.html b/_layouts/post.html index 1821975..77822a6 100644 --- a/_layouts/post.html +++ b/_layouts/post.html @@ -31,7 +31,7 @@ tail_includes: {% if page.image %} {% capture src %}src="{{ page.image.path | default: page.image }}"{% endcapture %} {% capture class %}class="preview-img{% if page.image.no_bg %}{{ ' no-bg' }}{% endif %}"{% endcapture %} - {% capture alt %}alt="{{ page.image.alt | default: "Preview Image" }}"{% endcapture %} + {% capture alt %}alt="{{ page.image.alt | xml_escape | default: "Preview Image" }}"{% endcapture %} {% capture lqip %} {% if page.image.lqip %}