mirror/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2025-08-30 22:39:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

tpl: Escape .Title in built-in image and link render hooks

Browse Source 
Co-authored-by: Joe Mooring <joe@mooring.com>
This commit is contained in:
Bjørn Erik Pedersen
2024-04-22 10:56:02 +02:00
parent 10a8448eee
commit 15a4b9b337
4 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tpl/tplimpl/embedded/templates/_default/_markup/render-image.html
View File

@@ -5,7 +5,7 @@
{{- $src = .RelPermalink -}}
{{- end -}}
{{- end -}}
{{- $attributes := merge .Attributes (dict "alt" .Text "src" $src "title" .Title) -}}
{{- $attributes := merge .Attributes (dict "alt" .Text "src" $src "title" (.Title | transform.HTMLEscape)) -}}
<img
{{- range $k, $v := $attributes -}}
{{- if $v -}}

2
tpl/tplimpl/embedded/templates/_default/_markup/render-link.html
View File

@@ -17,7 +17,7 @@
{{- end -}}
{{- end -}}
{{- end -}}
{{- $attributes := dict "href" $href "title" .Title -}}
{{- $attributes := dict "href" $href "title" (.Title | transform.HTMLEscape) -}}
<a
{{- range $k, $v := $attributes -}}
{{- if $v -}}