From 5743273a1a67c0b9ad1e17e893eccb210b87ccf6 Mon Sep 17 00:00:00 2001 From: "(quasar) nebula" Date: Wed, 8 Oct 2025 19:51:21 -0300 Subject: content: generatePageLayout: don't re-sanitize contents --- src/content/dependencies/generatePageLayout.js | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src/content') diff --git a/src/content/dependencies/generatePageLayout.js b/src/content/dependencies/generatePageLayout.js index f3fad2db..ae0d102c 100644 --- a/src/content/dependencies/generatePageLayout.js +++ b/src/content/dependencies/generatePageLayout.js @@ -656,13 +656,25 @@ export default { language.encapsulate('misc.pageTitle', workingCapsule => { const workingOptions = {}; + // Slightly jank: The output of striptags is, of course, a string, + // and as far as language.formatString() is concerned, that means + // it needs to be sanitized - including turning ampersands into + // &'s. But the title is already HTML that has implicitly been + // sanitized, however it got here, and includes HTML entities that + // are properly escaped. Those need to get included as they are, + // so we wrap the title in a tag and pass it off as good to go. workingOptions.title = - striptags(slots.title.toString()); + html.tags([ + striptags(slots.title.toString()), + ]); if (!html.isBlank(slots.subtitle)) { + // Same shenanigans here, as far as wrapping striptags goes. workingCapsule += '.withSubtitle'; workingOptions.subtitle = - striptags(slots.subtitle.toString()); + html.tags([ + striptags(slots.subtitle.toString()); + ]); } const showWikiName = -- cgit 1.3.0-6-gf8a5