From 961375e046000c17fee70ab21f5e47a990788b5a Mon Sep 17 00:00:00 2001 From: matt wilkie Date: Sat, 4 Feb 2023 14:01:30 -0800 Subject: [PATCH 1/3] safely wrap `title:` contents using json `dumps` This should handle any arbitrary punctuation marks which may happen to be in the Title - `",',\,*,...etc`. I don't undersand why this works, since we're not doing anything with json. I just know that everything I've thrown at it comes out safely. I left the change from #15 intact, though json.dumps makes it unnecessary. --- pelican/plugins/search/search.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pelican/plugins/search/search.py b/pelican/plugins/search/search.py index 10f762a..61ad17a 100644 --- a/pelican/plugins/search/search.py +++ b/pelican/plugins/search/search.py @@ -9,6 +9,7 @@ from codecs import open from inspect import cleandoc +from json import dumps import logging import os.path from shutil import which @@ -23,6 +24,7 @@ class SearchSettingsGenerator: def __init__(self, context, settings, path, theme, output_path, *null): + self.output_path = output_path self.context = context self.content = settings.get("PATH") @@ -74,7 +76,7 @@ def generate_output(self, writer): [[input.files]] path = "{page_to_index}" url = "/{page.url}" - title = "{title}" + title = {dumps(striptags(page.title))} """ input_files = "".join([input_files, input_file]) From 1cd16990a918dc32c25e9c365cdf44d12b85a908 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 4 Feb 2023 22:11:27 +0000 Subject: [PATCH 2/3] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- pelican/plugins/search/search.py | 1 - 1 file changed, 1 deletion(-) diff --git a/pelican/plugins/search/search.py b/pelican/plugins/search/search.py index 61ad17a..efbe560 100644 --- a/pelican/plugins/search/search.py +++ b/pelican/plugins/search/search.py @@ -24,7 +24,6 @@ class SearchSettingsGenerator: def __init__(self, context, settings, path, theme, output_path, *null): - self.output_path = output_path self.context = context self.content = settings.get("PATH") From eca5f3c1eeab4668d5dd7ecb61c91978ece9774c Mon Sep 17 00:00:00 2001 From: matt wilkie Date: Tue, 7 Feb 2023 21:51:31 -0700 Subject: [PATCH 3/3] test pre-commit hook (remove prior quote handling) ...by removing manual title cleaning of nested quotes. Linting test is successful: commit was blocked until the now unused `title` variable was removed. My earlier statement was incorrect: processing `title` with the manual quote handling AND dumps *does* result in double escaping of quotes. --- pelican/plugins/search/search.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/pelican/plugins/search/search.py b/pelican/plugins/search/search.py index efbe560..49048e3 100644 --- a/pelican/plugins/search/search.py +++ b/pelican/plugins/search/search.py @@ -69,8 +69,6 @@ def generate_output(self, writer): page_to_index = page.save_as if self.search_mode == "source": page_to_index = page.relative_source_path - # Escape double quotes in title - title = striptags(page.title).replace('"', '\\"') input_file = f""" [[input.files]] path = "{page_to_index}"