content: generatePageLayout: don't re-sanitize <title> contents

1 files changed, 14 insertions, 2 deletions

diff --git a/src/content/dependencies/generatePageLayout.js b/src/content/dependencies/generatePageLayout.js
index f3fad2db..ae0d102c 100644
--- a/src/content/dependencies/generatePageLayout.js
+++ b/src/content/dependencies/generatePageLayout.js
@@ -656,13 +656,25 @@ export default {
               language.encapsulate('misc.pageTitle', workingCapsule => {
                 const workingOptions = {};
 
+                // Slightly jank: The output of striptags is, of course, a string,
+                // and as far as language.formatString() is concerned, that means
+                // it needs to be sanitized - including turning ampersands into
+                // &'s. But the title is already HTML that has implicitly been
+                // sanitized, however it got here, and includes HTML entities that
+                // are properly escaped. Those need to get included as they are,
+                // so we wrap the title in a tag and pass it off as good to go.
                 workingOptions.title =
-                  striptags(slots.title.toString());
+                  html.tags([
+                    striptags(slots.title.toString()),
+                  ]);
 
                 if (!html.isBlank(slots.subtitle)) {
+                  // Same shenanigans here, as far as wrapping striptags goes.
                   workingCapsule += '.withSubtitle';
                   workingOptions.subtitle =
-                    striptags(slots.subtitle.toString());
+                    html.tags([
+                      striptags(slots.subtitle.toString());
+                    ]);
                 }
 
                 const showWikiName =