waschinski / photo-stream

Self-hosted, super simple photo stream
https://github.com/waschinski/photo-stream
MIT License

Page breaks if title contains single quotes #27

Closed grikomsn closed 2 years ago

grikomsn commented 2 years ago

Hi there, big fan of the project!

Apparently when trying to deploy using a title with single quotes (e.g. My Family's Photo Stream), the page breaks on this particular JavaScript part:

https://github.com/waschinski/photo-stream/blob/609375a7c0d39b595a7ede35acb2982069b7b01f/_includes/javascript.html#L50-L68

Note on line 54, title is directly used without escaping or sanitizing the quotes. I am not familiar with Jekyll or Ruby, but should there be a way to escape or sanitize env values before usage? Maybe using xml_escape?

- text: 'I found a cool photo over at {{ site.env.TITLE }}! Check it out!',
+ text: 'I found a cool photo over at {{ site.env.TITLE | xml_escape }}! Check it out!',
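
Review bot: xml_escape is the wrong filter for this sink: the value is interpolated into a single-quoted JavaScript string literal, not into HTML, so HTML-entity escaping leaves the quote problem solved only by accident and puts an entity into the text the user shares. An unescaped title here also means any `'` or backslash in the environment value changes the script's syntax, which is the same class of bug as template injection into a script block even though the value is operator-controlled. Suggest escaping for the JavaScript string context instead, for example by emitting the title as a JSON string literal (Jekyll's `jsonify` filter produces one) and dropping the surrounding single quotes:
`text: 'I found a cool photo over at ' + {{ site.env.TITLE | jsonify }} + '! Check it out!',`
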
boerniee commented 2 years ago

Hey @grikomsn good finding! I would prefer to simply just replace the single tick by an escaped single tick (\'). If we use the escape filter, you would get the html encoded single tick (') in your share message. What's your opinion on that @waschinski?

waschinski commented 2 years ago

I agree, simply escaping single (and probably double) ticks should be fine. I don't know what smartify does; it might be worth checking that out.

boerniee commented 2 years ago

smartify works and is the best solution for this problem. It replaces the single tick by an apostrophe.