New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape html from site.title and page.title #4307

Merged
merged 1 commit into from Jan 5, 2016

Conversation

Projects
None yet
4 participants
@fulldecent
Contributor

fulldecent commented Jan 3, 2016

No description provided.

@envygeeks

This comment has been minimized.

Show comment
Hide comment
@envygeeks

envygeeks Jan 3, 2016

Contributor

I'm not against this but I would like to know what end this serves? I don't think it should be our job to encapsulate and correct the mistakes of users.

Contributor

envygeeks commented Jan 3, 2016

I'm not against this but I would like to know what end this serves? I don't think it should be our job to encapsulate and correct the mistakes of users.

@fulldecent

This comment has been minimized.

Show comment
Hide comment
@fulldecent

fulldecent Jan 3, 2016

Contributor

In the Front Matter Variables documentation https://jekyllrb.com/docs/variables/, the title is defined as

The title of the Page.

which does not mention HTML-escaping the string. This implies that escaping/encoding would be the responsibility of downstream.

This is also consistent with the XML outputting: https://github.com/jekyll/jekyll/blob/2807b8a012ead8b8fe7ed30f1a8ad1f6f9de7ba4/lib/site_template/feed.xml

<title>{{ site.title | xml_escape }}</title>

This PR updates Jekyll HTML output to be consistent with documentation and other code and also enforcing a separation of content and presentation.

Contributor

fulldecent commented Jan 3, 2016

In the Front Matter Variables documentation https://jekyllrb.com/docs/variables/, the title is defined as

The title of the Page.

which does not mention HTML-escaping the string. This implies that escaping/encoding would be the responsibility of downstream.

This is also consistent with the XML outputting: https://github.com/jekyll/jekyll/blob/2807b8a012ead8b8fe7ed30f1a8ad1f6f9de7ba4/lib/site_template/feed.xml

<title>{{ site.title | xml_escape }}</title>

This PR updates Jekyll HTML output to be consistent with documentation and other code and also enforcing a separation of content and presentation.

@envygeeks

This comment has been minimized.

Show comment
Hide comment
@envygeeks

envygeeks Jan 3, 2016

Contributor

I don't agree with the applied logic here but I'm neutral so I'll leave it to others to decide.

Contributor

envygeeks commented Jan 3, 2016

I don't agree with the applied logic here but I'm neutral so I'll leave it to others to decide.

parkr added a commit that referenced this pull request Jan 5, 2016

@parkr parkr merged commit f47612e into jekyll:master Jan 5, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

parkr added a commit that referenced this pull request Jan 5, 2016

@fulldecent fulldecent deleted the fulldecent:patch-1 branch Jan 5, 2016

yous added a commit to yous/jekyll that referenced this pull request Feb 28, 2016

@jekyll jekyll locked and limited conversation to collaborators Feb 27, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.