From d8d2ad5a5c766d22171cbd3d3163e6196e7721e0 Mon Sep 17 00:00:00 2001
From: Sam
Date: Sat, 9 Mar 2024 20:40:39 +0000
Subject: [PATCH] Strip HTML tags from page description (#3490)

* fix: page description should not include html tags
* fix: quotes in page description should be escaped
---
 core/templates/frontend_init.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/core/templates/frontend_init.php b/core/templates/frontend_init.php
index ba0fd49864..1ae8f24c9c 100644
--- a/core/templates/frontend_init.php
+++ b/core/templates/frontend_init.php
@@ -108,8 +108,8 @@
 if ($page_metadata->count()) {
 $page_metadata = $page_metadata->first();
 $smarty->assign([
- 'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), Output::getPurified($page_metadata->description)),
- 'PAGE_KEYWORDS' => Output::getPurified($page_metadata->tags),
+ 'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), addslashes(strip_tags($page_metadata->description))),
+ 'PAGE_KEYWORDS' => addslashes(strip_tags($page_metadata->tags)),
 ]);
 $og_image = $page_metadata->image;
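Review bot: `addslashes()` on the two added lines is not an HTML escaper: a backslash in front of `"` or `'` does not stop the quote from closing an attribute value, and `strip_tags()` leaves quote characters in place. If PAGE_DESCRIPTION and PAGE_KEYWORDS are printed inside a `<meta content="...">` attribute without escaping in the template (the template is not part of this diff), stored text containing a double quote can still end the attribute, and ordinary text with an apostrophe will be shown with a literal backslash. An HTML-context encoder fits here, e.g. `htmlspecialchars(strip_tags((string) $page_metadata->description), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, or `Output::getClean()` if that is the project's escaper, as its use on SITE_NAME in the same line suggests; if the template already escapes, `addslashes()` should simply be dropped. The same applies to the four added lines in the second hunk (`@@ -118,14`), and the enclosing `if` opens and closes outside this hunk.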
@@ -118,14 +118,14 @@
 }
 } else {
 $smarty->assign([
- 'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), Output::getPurified(Settings::get('default_meta_description', ''))),
- 'PAGE_KEYWORDS' => Output::getPurified(Settings::get('default_meta_keywords', '')),
+ 'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), addslashes(strip_tags(Settings::get('default_meta_description', '')))),
+ 'PAGE_KEYWORDS' => addslashes(strip_tags(Settings::get('default_meta_keywords', ''))),
 ]);
 }
 } else {
 $smarty->assign([
- 'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), Output::getPurified(PAGE_DESCRIPTION)),
- 'PAGE_KEYWORDS' => (defined('PAGE_KEYWORDS') ? Output::getPurified(PAGE_KEYWORDS) : ''),
+ 'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), addslashes(strip_tags(PAGE_DESCRIPTION))),
+ 'PAGE_KEYWORDS' => (defined('PAGE_KEYWORDS') ? addslashes(strip_tags(PAGE_KEYWORDS)) : ''),
 ]);
 }
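Review bot: The sanitising expression is now spelled out six times across the three `$smarty->assign()` branches (two in the first hunk, four here), so any later change to how meta text is encoded has to be repeated in every branch and can easily miss one. A single local helper defined before the branches, for example `$metaText = static fn (?string $v): string => strip_tags((string) $v);` with the output encoding applied inside it, would leave the three branches differing only in their input. The outer condition opens above both hunks, so the helper would have to be declared before it.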