Closed grikomsn closed 2 years ago
Hey @grikomsn good finding! I would prefer to simply just replace the single tick by a escaped single tick (\'). If we use the escape filter, you would get the html encoded single tick (') in your share message. Whats your opinion on that @waschinski?
I agree, simply escaping single (and probably double ticks) should be fine. I don't know what smartify
does it might be worth checking that out.
smartify works and is the best solution for this problem. It replaces the single tick by an apostrophe.
Hi there, big fan of the project!
Apparently when trying to deploy using a title with single quotes (e.g.
My Family's Photo Stream
), the page breaks on this particular JavaScript part:https://github.com/waschinski/photo-stream/blob/609375a7c0d39b595a7ede35acb2982069b7b01f/_includes/javascript.html#L50-L68
Note on line 54, title is directly used without escaping or sanitizing the quotes. I am not familiar with Jekyll or Ruby, but should there be a way to escape or sanitize env values before usage? Maybe using
xml_escape
^1?