« get me outta code hell

html attribute value escaping fixes - hsmusic-wiki - HSMusic - static wiki software cataloguing collaborative creation
about summary refs log tree commit diff
diff options
context:
space:
mode:
author(quasar) nebula <towerofnix@gmail.com>2021-03-24 21:21:32 -0300
committer(quasar) nebula <towerofnix@gmail.com>2021-03-24 21:21:32 -0300
commit18b970bd7384858e3c2f12c0a71f2c2b012aede2 (patch)
tree67963bbd97c0bb293267aa7771c5d792321347d1
parent3fa97ac7235362921b5638ea757b518eaae28333 (diff)
html attribute value escaping fixes
-rwxr-xr-xupd8.js6
1 files changed, 4 insertions, 2 deletions
diff --git a/upd8.js b/upd8.js
index d71e1ba9..8ee41059 100755
--- a/upd8.js
+++ b/upd8.js
@@ -422,7 +422,7 @@ function genStrings(stringsJSON, defaultJSON = null) {
     // strings from embedding HTML tags or accidentally including characters
     // that throw HTML parsers off.
     for (const key of Object.keys(stringsJSON)) {
-        stringsJSON[key] = escapeAttributeValue(stringsJSON[key]);
+        stringsJSON[key] = he.encode(stringsJSON[key], {useNamedReferences: true});
     }
 
     // It's time to cre8te the actual langauge function!
@@ -1899,7 +1899,9 @@ function stringifyArtistData() {
 }
 
 function escapeAttributeValue(value) {
-    return he.encode(value, {useNamedReferences: true});
+    return value
+        .replaceAll('"', '&quot;')
+        .replaceAll("'", '&apos;');
 }
 
 function attributes(attribs) {