WithCandour / statamic-aardvark-seo

Candour's SEO addon for Statamic
https://statamic.com/marketplace/addons/aardvark-seo
12 stars 18 forks source link

Sanitizing SEO fields #169

Open Ben-Kemp-8433 opened 9 months ago

Ben-Kemp-8433 commented 9 months ago

One of our customers recently ran into the issue that the meta-description and opengraph-description fields aren't being sanitized.

On their page they added " and > in their descriptions as a form of textual markup.

This resulted in the {{ aardvark-seo:head }} tag finishing out on the start of the ", and the remainder of the description being pushed into the head until it ran into the >, which closed the head and threw the remainder into the body.

After a little digging in your source code it seemed as easy as adding the sanitize modifier to the meta_description and og_description echos. However it might be better to add the sanitize modifier to all echos within the head and body tags.

Thank you in advance!