Allow special characters

[microcipcip]

Hi, how do you allow special characters?
For example, if you have This is my title's, it will render as This is my title's which doesn't rendere correctly in the title tag

[zspecza]

Hi @microcipcip - use __dangerouslyDisableSanitizers:

{
  metaInfo: {
    ...
    __dangerouslyDisableSanitizers: ['title']
  }
}

I should probably ponder the notion of making the sanitizers a little more lenient of certain characters and only sanitize HTML-relevant symbols like /, < and >. Happy to discuss.

[microcipcip]

Yes, that would be great, symbols like & and hyphen are quite common in the <title> and the meta tags :)

[microcipcip]

I've open this again as I guess it should be discussed more, as the alternative ATM seems to be using that long function or use lodash unescape. I guess that that function is set globally and not for each component?

[zspecza]

@microcipcip you're correct - since any deeply nested component overwrites it's parent metaInfo. I can't think of a use-case for per-component sanitization, and it would complicate things a little - but if there's a use for it, I'll consider it.

[microcipcip]

I guess that a global setting is what I need in this case, better than use __dangerouslyDisableSanitizers in 20 components :)

[zspecza]

I've dug more into this:

When server rendering, if meta charset='utf-8' is present, the correct title is displayed.
This is not true for a client render, as JavaScript does not understand HTML entity encoding, but rather character codes in the form of hexadecimal identifiers.

This means that escaping content on the client side does not currently work as intended. This is therefore a bug.

I'm looking into various ways to handle this issue, but so far all the methods I have found are either hacks or open XSS vulnerabilities. I'll keep looking.

[zspecza]

Hi @microcipcip - I've added a fix for this, could you update vue-meta & remove your __dangerouslyDisableSanitizers config and confirm if it works for you?

[microcipcip]

Thanks, I'll update it this evening when I get back from work :)

[microcipcip]

Hey, it works great, thanks a lot!

[equinusocio]

@declandewet I have same issue with meta tags. I have an og:image from CDN with query string that is escaped and so invalidated:

https://images.ctfassets.net/gz0sygvqczyz/2d5wlYciwkwLpvGlSMc8Eg/914a2626b91bbd41fe630238858c74a8/AR.png?fit=pad&f=top&w=1200&h=630&bg=rgb:F3F6F9

become

https://images.ctfassets.net/gz0sygvqczyz/2d5wlYciwkwLpvGlSMc8Eg/914a2626b91bbd41fe630238858c74a8/AR.png?fit=pad&f=top&w=1200&h=630&bg=rgb:F3F6F9

[aslamdoctor]

Hey, it works great, thanks a lot!
Can you recall what actions you performed to make this work?

[vedmant]

I have the same issue as @equinusocio, it escapes query in the url so url is not working anymore.