From 8031102596e5e61380442f12f2ee95814ce05f88 Mon Sep 17 00:00:00 2001
From: Katharina Irrgang
Date: Tue, 10 Jan 2017 13:21:37 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20=20escape=20sameAs=20for=20struc?= =?UTF-8?q?tured=20data=20(#7833)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

closes #7832 - escape output for json-ld
---
 core/server/data/meta/schema.js | 4 ++--
 core/test/unit/metadata/schema_spec.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/server/data/meta/schema.js b/core/server/data/meta/schema.js
index 55fa0f30cb5d..4aad9067ee35 100644
--- a/core/server/data/meta/schema.js
+++ b/core/server/data/meta/schema.js
@@ -41,7 +41,7 @@ function trimSameAs(data, context) {
 if (context === 'post') {
 if (data.post.author.website) {
- sameAs.push(data.post.author.website);
+ sameAs.push(escapeExpression(data.post.author.website));
 }
 if (data.post.author.facebook) {
 sameAs.push(socialUrls.facebookUrl(data.post.author.facebook));
@@ -51,7 +51,7 @@ function trimSameAs(data, context) {
 }
 } else if (context === 'author') {
 if (data.author.website) {
- sameAs.push(data.author.website);
+ sameAs.push(escapeExpression(data.author.website));
 }
 if (data.author.facebook) {
 sameAs.push(socialUrls.facebookUrl(data.author.facebook));
diff --git a/core/test/unit/metadata/schema_spec.js b/core/test/unit/metadata/schema_spec.js
index 1b2d93e6b1e5..233fce07caf2 100644
--- a/core/test/unit/metadata/schema_spec.js
+++ b/core/test/unit/metadata/schema_spec.js
@@ -437,7 +437,7 @@ describe('getSchema', function () {
 context: ['author'],
 author: {
 name: 'Author Name',
- website: 'http://myblogsite.com/',
+ website: 'http://myblogsite.com/?user=bambedibu&a=',
 twitter: '@testuser'
 }
 }, schema = getSchema(metadata, data);
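Review bot: In both branches only `website` goes through `escapeExpression`; the `facebook` value on the context lines right below is still pushed as `socialUrls.facebookUrl(data.post.author.facebook)` with no escaping, and the same holds for the author branch in the `-51,7` hunk. These fields are author-supplied just like `website`, and nothing visible here shows that `socialUrls` or the model layer restricts them to safe characters, so the same markup could plausibly reach the JSON-LD output through them. Consider `sameAs.push(escapeExpression(socialUrls.facebookUrl(data.post.author.facebook)));` and the equivalent for the twitter entry, or escaping every element once just before `sameAs` is returned. `trimSameAs` starts and ends outside both hunks, so the twitter push and the return statement are not visible here.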
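Review bot: `escapeExpression` looks like the Handlebars HTML-entity escaper, which suits an HTML text or attribute context but not a JSON-LD value: the spec URL's `&a=` would be stored as `&amp;a=` in `sameAs`, and content inside a `<script type="application/ld+json">` element is not entity-decoded, so consumers would read a different URL from the one the author entered. This applies to the `website` push in the author branch here and to the post branch in the `-41,7` hunk. If the schema object is serialized with `JSON.stringify` further down (not visible in this diff), neutralising `<` at that single point, e.g. `.replace(/</g, '\\u003c')` on the serialized string, would cover every field without altering URL values. Failing that, a comment such as `// HTML-escaped because the value ends up inside an inline <script> block` would record why a URL is being entity-encoded.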
@@ -452,7 +452,7 @@ describe('getSchema', function () {
 },
 name: 'Author Name',
 sameAs: [
- 'http://myblogsite.com/',
+ 'http://myblogsite.com/?user=bambedibu&a=<script>alert("bambedibu")</script>',
 'https://twitter.com/testuser'
 ],
 url: 'http://mysite.com/author/me/'
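Review bot: The spec change covers only the `author` context, so the `context === 'post'` branch that received the same `escapeExpression` call in schema.js has no assertion in the hunks shown here. A post fixture whose `author.website` carries the same markup-bearing URL, with an expectation on the first `sameAs` entry, would keep the two branches from drifting apart. The fixture also leaves `twitter: '@testuser'` benign, so nothing pins down how markup in the social fields is handled. The `describe('getSchema', ...)` block starts and ends outside this hunk, so an existing post test may already be there to extend.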