From 1b995dbd3ffe55fc61954ab9644c7e9741bdb99e Mon Sep 17 00:00:00 2001
From: Dion Hulse <dion@automattic.com>
Date: Thu, 11 Sep 2025 10:26:43 +1000
Subject: [PATCH 1/2] Add HTML stripping option to makeLongWordsShort

---
 modules/live-comments/js/views/item.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/modules/live-comments/js/views/item.js b/modules/live-comments/js/views/item.js
index bb30737..297ad9a 100644
--- a/modules/live-comments/js/views/item.js
+++ b/modules/live-comments/js/views/item.js
@@ -15,7 +15,14 @@ o2.Views.LiveCommentsWidgetItemView = ( function( $ ) {
 		initialize: function() {
 		},
 
-		makeLongWordsShort: function( content, limit ) {
+		makeLongWordsShort: function( content, limit, stripHTML ) {
+			if ( stripHTML ) {
+				// Rendering the content in a div is safe here, as we'll add it to the DOM later anyway, and we trust WordPress to have sanitized it.
+				var div = document.createElement( 'div' );
+				div.innerHTML = content;
+				content = div.textContent || div.innerText || content;
+			}
+
 			var contentArray = content.split( ' ' );
 			for ( var i=0; i < contentArray.length; i++ ) {
 				if ( contentArray[i].length > limit ) {
@@ -29,7 +36,7 @@ o2.Views.LiveCommentsWidgetItemView = ( function( $ ) {
 		render: function() {
 			var jsonifiedModel = this.model.toJSON();
 
-			jsonifiedModel.title = this.makeLongWordsShort( jsonifiedModel.title, 15 );
+			jsonifiedModel.title = this.makeLongWordsShort( jsonifiedModel.title, 15, true );
 			jsonifiedModel.author = o2.UserCache.getUserFor( this.model.attributes, 32 );
 
 			var titleForItem = jsonifiedModel.title,

From 292eb675301bbd8a4ebf56ac6c0001704b8c8d13 Mon Sep 17 00:00:00 2001
From: Dion Hulse <dion@automattic.com>
Date: Thu, 11 Sep 2025 10:31:29 +1000
Subject: [PATCH 2/2] Live Comments: Don't render HTML in titles of new posts

---
 modules/live-comments/load.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/live-comments/load.php b/modules/live-comments/load.php
index 4687639..d440581 100644
--- a/modules/live-comments/load.php
+++ b/modules/live-comments/load.php
@@ -40,7 +40,7 @@ function live_item_templates() {
 					<# if ( 'comment' === data.type ) { #>
 						data-postid="{{ data.postID }}"
 					<# } #>
-					>{{{ data.title }}}</a>
+					>{{ data.title }}</a>
 					<br/>
 					<span class="entry-date o2-timestamp" data-unixtime="{{ data.unixtime }}" data-domref="{{ data.domRef }}"
 						<# if ( 'comment' === data.type ) { #>