From 8b0fbf5a834276f273274e4d614edd71e339cbb0 Mon Sep 17 00:00:00 2001
From: PENEKhun <penekhun@gmail.com>
Date: Wed, 28 Jun 2023 15:23:27 +0900
Subject: [PATCH] fix: missing xml escape for `alt` of preview image (#1113)

Preview image display error when `alt` contains '<' or '>'


Co-authored-by: Cotes Chung <11371340+cotes2020@users.noreply.github.com>
---
 _layouts/home.html | 2 +-
 _layouts/post.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/_layouts/home.html b/_layouts/home.html
index fa2f58e..ccc08f2 100644
--- a/_layouts/home.html
+++ b/_layouts/home.html
@@ -63,7 +63,7 @@ refactor: true
             {% assign src = post.img_path | append: '/' | append: src | replace: '//', '/' %}
           {% endunless %}
 
-          {% assign alt = post.image.alt | default: 'Preview Image' %}
+          {% assign alt = post.image.alt | xml_escape | default: 'Preview Image' %}
 
           <img src="{{ src }}" w="17" h="10" alt="{{ alt }}" {{ lqip }}>
         {% endif %}
diff --git a/_layouts/post.html b/_layouts/post.html
index 1821975..77822a6 100644
--- a/_layouts/post.html
+++ b/_layouts/post.html
@@ -31,7 +31,7 @@ tail_includes:
   {% if page.image %}
     {% capture src %}src="{{ page.image.path | default: page.image }}"{% endcapture %}
     {% capture class %}class="preview-img{% if page.image.no_bg %}{{ ' no-bg' }}{% endif %}"{% endcapture %}
-    {% capture alt %}alt="{{ page.image.alt | default: "Preview Image" }}"{% endcapture %}
+    {% capture alt %}alt="{{ page.image.alt | xml_escape | default: "Preview Image" }}"{% endcapture %}
 
     {% capture lqip %}
       {% if page.image.lqip %}