From 18b970bd7384858e3c2f12c0a71f2c2b012aede2 Mon Sep 17 00:00:00 2001
From: "(quasar) nebula" <towerofnix@gmail.com>
Date: Wed, 24 Mar 2021 21:21:32 -0300
Subject: html attribute value escaping fixes

---
 upd8.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/upd8.js b/upd8.js
index d71e1ba..8ee4105 100755
--- a/upd8.js
+++ b/upd8.js
@@ -422,7 +422,7 @@ function genStrings(stringsJSON, defaultJSON = null) {
     // strings from embedding HTML tags or accidentally including characters
     // that throw HTML parsers off.
     for (const key of Object.keys(stringsJSON)) {
-        stringsJSON[key] = escapeAttributeValue(stringsJSON[key]);
+        stringsJSON[key] = he.encode(stringsJSON[key], {useNamedReferences: true});
     }
 
     // It's time to cre8te the actual langauge function!
@@ -1899,7 +1899,9 @@ function stringifyArtistData() {
 }
 
 function escapeAttributeValue(value) {
-    return he.encode(value, {useNamedReferences: true});
+    return value
+        .replaceAll('"', '&quot;')
+        .replaceAll("'", '&apos;');
 }
 
 function attributes(attribs) {
-- 
cgit 1.3.0-6-gf8a5