Unescaped HTML in blog description causing intermittent problems

It looks like 25% of the time we're getting unescaped HTML in the data-tumblr-popover attribute in the header. It's either a case of some A/B testing or an incomplete rollout.

<div class="post_info"><div class="post_info_fence has_follow_button"><a class="post_info_link" href="http://killipechika.tumblr.com/post/172366159332" data-tumblelog-popover="{&quot;avatar_url&quot;:&quot;https://78.media.tumblr.com/avatar_c2e7e6be4af7_128.gif&quot;,&quot;dashboard_url&quot;:&quot;/blog/killipechika&quot;,&quot;url&quot;:&quot;http://killipechika.tumblr.com&quot;,&quot;name&quot;:&quot;killipechika&quot;,&quot;cname&quot;:&quot;&quot;,&quot;description&quot;:&quot;Twitter デザイナー求人 \n暗号通貨取引所coincheck&quot;,&quot;description_sanitized&quot;:&quot; External image\n <a href=\&quot;https://twitter.com/Gerobasil\&quot;>Twitter</a> <a href=\&quot;http://cr-navi.jp\&quot;>デザイナー求人</a> \n<a href=\&quot;https://coincheck.com/?c=cIGj-syN7mA\&quot; target=\&quot;_blank\&quot;>暗号通貨取引所coincheck</a>&quot;,&quot;title&quot;:&quot;ｷ　　ﾘ　　ﾍﾟ　　ﾁ　　ｶ&quot;,&quot;likes&quot;:false,&quot;share_following&quot;:false,&quot;is_blogless_advertiser&quot;:false,&quot;is_private&quot;:false,&quot;is_group&quot;:false,&quot;customizable&quot;:false,&quot;following&quot;:true,&quot;premium_partner&quot;:false,&quot;can_receive_messages&quot;:true,&quot;can_send_messages&quot;:true,&quot;uuid&quot;:&quot;killipechika.tumblr.com&quot;,&quot;can_be_followed&quot;:true,&quot;has_default_header&quot;:false,&quot;can_pixelate_avatar&quot;:false,&quot;nsfw&quot;:false,&quot;is_subscribed&quot;:false,&quot;can_subscribe&quot;:true,&quot;is_blocking&quot;:false,&quot;global_theme_params&quot;:{&quot;avatar_shape&quot;:&quot;square&quot;,&quot;background_color&quot;:&quot;#FAFAFA&quot;,&quot;body_font&quot;:&quot;Helvetica Neue&quot;,&quot;header_bounds&quot;:&quot;0,640,360,0&quot;,&quot;header_image&quot;:&quot;http://static.tumblr.com/1b24e607d9bbc2ec4f12a08cb9396b84/bzuei8s/nwjp3kfeo/tumblr_static_.jpg&quot;,&quot;header_image_dimens&quot;:&quot;640,640;640,360&quot;,&quot;header_image_focused&quot;:&quot;https://static.tumblr.com/1b24e607d9bbc2ec4f12a08cb9396b84/bzuei8s/v5cp3kfep/tumblr_static_tumblr_static__640.jpg&quot;,&quot;header_image_scaled&quot;:&quot;http://static.tumblr.com/1b24e607d9bbc2ec4f12a08cb9396b84/bzuei8s/nwjp3kfeo/tumblr_static__2048_v2.jpg&quot;,&quot;header_stretch&quot;:true,&quot;link_color&quot;:&quot;#529ECC&quot;,&quot;show_avatar&quot;:true,&quot;show_description&quot;:true,&quot;show_header_image&quot;:true,&quot;show_title&quot;:true,&quot;title_color&quot;:&quot;#444444&quot;,&quot;title_font&quot;:&quot;Gibson&quot;,&quot;title_font_weight&quot;:&quot;bold&quot;}}" data-peepr="{&quot;tumblelog&quot;:&quot;killipechika&quot;}">killipechika</a><span class="reblog_source"><span class="reblog_icon" title="killipechika reblogged 1041uuu">reblogged</span><a class="post_info_link" title="1041uuu" href="http://1041uuu.tumblr.com/post/172307746313" data-tumblelog-popover="{&quot;avatar_url&quot;:&quot;https://78.media.tumblr.com/avatar_87afe5afae4a_128.pnj&quot;,&quot;dashboard_url&quot;:&quot;/blog/1041uuu&quot;,&quot;url&quot;:&quot;http://1041uuu.tumblr.com&quot;,&quot;name&quot;:&quot;1041uuu&quot;,&quot;cname&quot;:&quot;&quot;,&quot;description&quot;:&quot;&quot;,&quot;description_sanitized&quot;:&quot;&quot;,&quot;title&quot;:&quot;1041uuu&quot;,&quot;likes&quot;:false,&quot;share_following&quot;:false,&quot;is_blogless_advertiser&quot;:false,&quot;is_private&quot;:false,&quot;is_group&quot;:false,&quot;customizable&quot;:false,&quot;following&quot;:false,&quot;premium_partner&quot;:false,&quot;can_receive_messages&quot;:true,&quot;can_send_messages&quot;:true,&quot;uuid&quot;:&quot;1041uuu.tumblr.com&quot;,&quot;can_be_followed&quot;:true,&quot;has_default_header&quot;:false,&quot;can_pixelate_avatar&quot;:false,&quot;nsfw&quot;:false,&quot;asks&quot;:true,&quot;anonymous_asks&quot;:0,&quot;is_subscribed&quot;:false,&quot;can_subscribe&quot;:false,&quot;is_blocking&quot;:false,&quot;global_theme_params&quot;:{&quot;avatar_shape&quot;:&quot;square&quot;,&quot;background_color&quot;:&quot;#FAFAFA&quot;,&quot;body_font&quot;:&quot;Helvetica Neue&quot;,&quot;header_bounds&quot;:&quot;30,474,286,20&quot;,&quot;header_image&quot;:&quot;http://static.tumblr.com/2b0ec5e7d4763b0cc6aaba6982be379c/tuvncqz/ljfoco1nu/tumblr_static_2i5cn6zq5qw4c8ocss0csokkc.gif&quot;,&quot;header_image_dimens&quot;:&quot;500,288;454,256&quot;,&quot;header_image_focused&quot;:&quot;https://static.tumblr.com/2b0ec5e7d4763b0cc6aaba6982be379c/tuvncqz/6Ntoco1nx/tumblr_static_tumblr_static_2i5cn6zq5qw4c8ocss0csokkc_640.gif&quot;,&quot;header_image_scaled&quot;:&quot;http://static.tumblr.com/2b0ec5e7d4763b0cc6aaba6982be379c/tuvncqz/ljfoco1nu/tumblr_static_2i5cn6zq5qw4c8ocss0csokkc_2048_v2.gif&quot;,&quot;header_stretch&quot;:true,&quot;link_color&quot;:&quot;#529ECC&quot;,&quot;show_avatar&quot;:true,&quot;show_description&quot;:true,&quot;show_header_image&quot;:true,&quot;show_title&quot;:true,&quot;title_color&quot;:&quot;#444444&quot;,&quot;title_font&quot;:&quot;Gibson&quot;,&quot;title_font_weight&quot;:&quot;bold&quot;}}" data-peepr="{&quot;tumblelog&quot;:&quot;1041uuu&quot;}">1041uuu</a></span></div><a href="/follow/1041uuu" class="reblog_follow_button " data-tumblelog-name="1041uuu" title="Follow 1041uuu"><span class="follow-text">Follow</span></a></div>

<div class="post_info"><div class="post_info_fence has_follow_button"><a class="post_info_link" href="http://killipechika.tumblr.com/post/172366159332" data-tumblelog-popover="{&quot;avatar_url&quot;:&quot;https:\/\/78.media.tumblr.com\/avatar_c2e7e6be4af7_128.gif&quot;,&quot;dashboard_url&quot;:&quot;\/blog\/killipechika&quot;,&quot;url&quot;:&quot;http:\/\/killipechika.tumblr.com&quot;,&quot;name&quot;:&quot;killipechika&quot;,&quot;cname&quot;:&quot;&quot;,&quot;description&quot;:&quot;Twitter \u30c7\u30b6\u30a4\u30ca\u30fc\u6c42\u4eba \n\u6697\u53f7\u901a\u8ca8\u53d6\u5f15\u6240coincheck&quot;,&quot;description_sanitized&quot;:&quot; External image\n \u003Ca href=\u0022https:\/\/twitter.com\/Gerobasil\u0022\u003ETwitter\u003C\/a\u003E \u003Ca href=\u0022http:\/\/cr-navi.jp\u0022\u003E\u30c7\u30b6\u30a4\u30ca\u30fc\u6c42\u4eba\u003C\/a\u003E \n\u003Ca href=\u0022https:\/\/coincheck.com\/?c=cIGj-syN7mA\u0022 target=\u0022_blank\u0022\u003E\u6697\u53f7\u901a\u8ca8\u53d6\u5f15\u6240coincheck\u003C\/a\u003E&quot;,&quot;title&quot;:&quot;\uff77\u3000\u3000\uff98\u3000\u3000\uff8d\uff9f\u3000\u3000\uff81\u3000\u3000\uff76&quot;,&quot;likes&quot;:false,&quot;share_following&quot;:false,&quot;is_blogless_advertiser&quot;:false,&quot;is_private&quot;:false,&quot;is_group&quot;:false,&quot;customizable&quot;:false,&quot;following&quot;:true,&quot;premium_partner&quot;:false,&quot;can_receive_messages&quot;:true,&quot;can_send_messages&quot;:true,&quot;uuid&quot;:&quot;killipechika.tumblr.com&quot;,&quot;can_be_followed&quot;:true,&quot;has_default_header&quot;:false,&quot;can_pixelate_avatar&quot;:false,&quot;nsfw&quot;:false,&quot;is_subscribed&quot;:false,&quot;can_subscribe&quot;:true,&quot;is_blocking&quot;:false,&quot;global_theme_params&quot;:{&quot;avatar_shape&quot;:&quot;square&quot;,&quot;background_color&quot;:&quot;#FAFAFA&quot;,&quot;body_font&quot;:&quot;Helvetica Neue&quot;,&quot;header_bounds&quot;:&quot;0,640,360,0&quot;,&quot;header_image&quot;:&quot;http:\/\/static.tumblr.com\/1b24e607d9bbc2ec4f12a08cb9396b84\/bzuei8s\/nwjp3kfeo\/tumblr_static_.jpg&quot;,&quot;header_image_dimens&quot;:&quot;640,640;640,360&quot;,&quot;header_image_focused&quot;:&quot;https:\/\/static.tumblr.com\/1b24e607d9bbc2ec4f12a08cb9396b84\/bzuei8s\/v5cp3kfep\/tumblr_static_tumblr_static__640.jpg&quot;,&quot;header_image_scaled&quot;:&quot;http:\/\/static.tumblr.com\/1b24e607d9bbc2ec4f12a08cb9396b84\/bzuei8s\/nwjp3kfeo\/tumblr_static__2048_v2.jpg&quot;,&quot;header_stretch&quot;:true,&quot;link_color&quot;:&quot;#529ECC&quot;,&quot;show_avatar&quot;:true,&quot;show_description&quot;:true,&quot;show_header_image&quot;:true,&quot;show_title&quot;:true,&quot;title_color&quot;:&quot;#444444&quot;,&quot;title_font&quot;:&quot;Gibson&quot;,&quot;title_font_weight&quot;:&quot;bold&quot;}}" data-peepr="{&quot;tumblelog&quot;:&quot;killipechika&quot;}">killipechika</a><span class="reblog_source"><span class="reblog_icon" title="killipechika reblogged 1041uuu">reblogged</span><a class="post_info_link" title="1041uuu" href="http://1041uuu.tumblr.com/post/172307746313" data-tumblelog-popover="{&quot;avatar_url&quot;:&quot;https:\/\/78.media.tumblr.com\/avatar_87afe5afae4a_128.pnj&quot;,&quot;dashboard_url&quot;:&quot;\/blog\/1041uuu&quot;,&quot;url&quot;:&quot;http:\/\/1041uuu.tumblr.com&quot;,&quot;name&quot;:&quot;1041uuu&quot;,&quot;cname&quot;:&quot;&quot;,&quot;description&quot;:&quot;&quot;,&quot;description_sanitized&quot;:&quot;&quot;,&quot;title&quot;:&quot;1041uuu&quot;,&quot;likes&quot;:false,&quot;share_following&quot;:false,&quot;is_blogless_advertiser&quot;:false,&quot;is_private&quot;:false,&quot;is_group&quot;:false,&quot;customizable&quot;:false,&quot;following&quot;:false,&quot;premium_partner&quot;:false,&quot;can_receive_messages&quot;:true,&quot;can_send_messages&quot;:true,&quot;uuid&quot;:&quot;1041uuu.tumblr.com&quot;,&quot;can_be_followed&quot;:true,&quot;has_default_header&quot;:false,&quot;can_pixelate_avatar&quot;:false,&quot;nsfw&quot;:false,&quot;asks&quot;:true,&quot;anonymous_asks&quot;:0,&quot;is_subscribed&quot;:false,&quot;can_subscribe&quot;:false,&quot;is_blocking&quot;:false,&quot;global_theme_params&quot;:{&quot;avatar_shape&quot;:&quot;square&quot;,&quot;background_color&quot;:&quot;#FAFAFA&quot;,&quot;body_font&quot;:&quot;Helvetica Neue&quot;,&quot;header_bounds&quot;:&quot;30,474,286,20&quot;,&quot;header_image&quot;:&quot;http:\/\/static.tumblr.com\/2b0ec5e7d4763b0cc6aaba6982be379c\/tuvncqz\/ljfoco1nu\/tumblr_static_2i5cn6zq5qw4c8ocss0csokkc.gif&quot;,&quot;header_image_dimens&quot;:&quot;500,288;454,256&quot;,&quot;header_image_focused&quot;:&quot;https:\/\/static.tumblr.com\/2b0ec5e7d4763b0cc6aaba6982be379c\/tuvncqz\/6Ntoco1nx\/tumblr_static_tumblr_static_2i5cn6zq5qw4c8ocss0csokkc_640.gif&quot;,&quot;header_image_scaled&quot;:&quot;http:\/\/static.tumblr.com\/2b0ec5e7d4763b0cc6aaba6982be379c\/tuvncqz\/ljfoco1nu\/tumblr_static_2i5cn6zq5qw4c8ocss0csokkc_2048_v2.gif&quot;,&quot;header_stretch&quot;:true,&quot;link_color&quot;:&quot;#529ECC&quot;,&quot;show_avatar&quot;:true,&quot;show_description&quot;:true,&quot;show_header_image&quot;:true,&quot;show_title&quot;:true,&quot;title_color&quot;:&quot;#444444&quot;,&quot;title_font&quot;:&quot;Gibson&quot;,&quot;title_font_weight&quot;:&quot;bold&quot;}}" data-peepr="{&quot;tumblelog&quot;:&quot;1041uuu&quot;}">1041uuu</a></span></div><a href="/follow/1041uuu" class="reblog_follow_button " data-tumblelog-name="1041uuu" title="Follow 1041uuu"><span class="follow-text">Follow</span></a></div>

We are using a naive regex to strip out HTML tags: var noTags = /<[^>]*>/g;

I'm thinking about just walking the children of the header and extracting textContent. Trying to sanitize that mess does not seem fun.

bjornstar / Tumblr-Savior

Unescaped HTML in blog description causing intermittent problems #54