diff options
| author | Rodolfo Carvalho <rhcarvalho@gmail.com> | 2019-04-22 15:26:36 +0100 |
|---|---|---|
| committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2019-05-17 16:00:54 +0200 |
| commit | e22b3f54c3d8ce6567c21c63beab0b03cf7983ea (patch) | |
| tree | 850d61fce01aa770a5abec671a4a33472a72b74a /tpl | |
| parent | 71b8d8b6a4127acacda8ada08cd61d7bfb18e962 (diff) | |
tpl: Fix internal templates usage of safeHTMLAttr
The `safeHTMLAttr` function operates on a full attribute definition, not
just within the attribute value.
Docs: https://gohugo.io/functions/safehtmlattr/
For `opengraph.html`, run the whole `content` HTML attribute through
`safeHTMLAttr`. That will preserve `+` signs in formatted dates.
For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an
attribute value, thus having no effect. In this case we could replace it
with `safeURL`, but since the code is coming from an API it is safer to
just let Go's template engine sanitize the value as it already does with
`provider_url`.
Fixes #5236 (no need to change Go upstream)
Related to #5246
Diffstat (limited to 'tpl')
| -rw-r--r-- | tpl/tplimpl/embedded/templates.autogen.go | 11 | ||||
| -rw-r--r-- | tpl/tplimpl/embedded/templates/opengraph.html | 9 | ||||
| -rw-r--r-- | tpl/tplimpl/embedded/templates/shortcodes/vimeo_simple.html | 2 |
3 files changed, 12 insertions, 10 deletions
diff --git a/tpl/tplimpl/embedded/templates.autogen.go b/tpl/tplimpl/embedded/templates.autogen.go index 164f3b927..58d0b2799 100644 --- a/tpl/tplimpl/embedded/templates.autogen.go +++ b/tpl/tplimpl/embedded/templates.autogen.go @@ -187,14 +187,15 @@ if (!doNotTrack) { <meta property="og:image" content="{{ . | absURL }}" /> {{ end }}{{ end }} +{{- $iso8601 := "2006-01-02T15:04:05-07:00" -}} {{- if .IsPage }} -{{- if not .PublishDate.IsZero }}<meta property="article:published_time" content="{{ .PublishDate.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/> -{{ else if not .Date.IsZero }}<meta property="article:published_time" content="{{ .Date.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/> +{{- if not .PublishDate.IsZero }}<meta property="article:published_time" {{ .PublishDate.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} /> +{{ else if not .Date.IsZero }}<meta property="article:published_time" {{ .Date.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} /> {{ end }} -{{- if not .Lastmod.IsZero }}<meta property="article:modified_time" content="{{ .Lastmod.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/>{{ end }} +{{- if not .Lastmod.IsZero }}<meta property="article:modified_time" {{ .Lastmod.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} />{{ end }} {{- else }} {{- if not .Date.IsZero }} -<meta property="og:updated_time" content="{{ .Date.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/> +<meta property="og:updated_time" {{ .Date.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} /> {{- end }} {{- end }}{{/* .IsPage */}} @@ -482,7 +483,7 @@ if (!doNotTrack) { {{ $secondClass := "s_video_simple" }} <div class="{{ $secondClass }} {{ $class }}"> {{- with $item }} -<a href="{{ .provider_url }}{{ .video_id | safeHTMLAttr }}" target="_blank"> +<a href="{{ .provider_url }}{{ .video_id }}" target="_blank"> {{ $thumb := .thumbnail_url }} {{ $original := $thumb | replaceRE "(_.*\\.)" "." }} <img src="{{ $thumb }}" srcset="{{ $thumb }} 1x, {{ $original }} 2x" alt="{{ .title }}"> diff --git a/tpl/tplimpl/embedded/templates/opengraph.html b/tpl/tplimpl/embedded/templates/opengraph.html index 8e4fb8115..de2d2fddf 100644 --- a/tpl/tplimpl/embedded/templates/opengraph.html +++ b/tpl/tplimpl/embedded/templates/opengraph.html @@ -6,14 +6,15 @@ <meta property="og:image" content="{{ . | absURL }}" /> {{ end }}{{ end }} +{{- $iso8601 := "2006-01-02T15:04:05-07:00" -}} {{- if .IsPage }} -{{- if not .PublishDate.IsZero }}<meta property="article:published_time" content="{{ .PublishDate.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/> -{{ else if not .Date.IsZero }}<meta property="article:published_time" content="{{ .Date.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/> +{{- if not .PublishDate.IsZero }}<meta property="article:published_time" {{ .PublishDate.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} /> +{{ else if not .Date.IsZero }}<meta property="article:published_time" {{ .Date.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} /> {{ end }} -{{- if not .Lastmod.IsZero }}<meta property="article:modified_time" content="{{ .Lastmod.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/>{{ end }} +{{- if not .Lastmod.IsZero }}<meta property="article:modified_time" {{ .Lastmod.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} />{{ end }} {{- else }} {{- if not .Date.IsZero }} -<meta property="og:updated_time" content="{{ .Date.Format "2006-01-02T15:04:05-07:00" | safeHTMLAttr }}"/> +<meta property="og:updated_time" {{ .Date.Format $iso8601 | printf "content=%q" | safeHTMLAttr }} /> {{- end }} {{- end }}{{/* .IsPage */}} diff --git a/tpl/tplimpl/embedded/templates/shortcodes/vimeo_simple.html b/tpl/tplimpl/embedded/templates/shortcodes/vimeo_simple.html index dac4aaa03..50699ecd4 100644 --- a/tpl/tplimpl/embedded/templates/shortcodes/vimeo_simple.html +++ b/tpl/tplimpl/embedded/templates/shortcodes/vimeo_simple.html @@ -10,7 +10,7 @@ {{ $secondClass := "s_video_simple" }} <div class="{{ $secondClass }} {{ $class }}"> {{- with $item }} -<a href="{{ .provider_url }}{{ .video_id | safeHTMLAttr }}" target="_blank"> +<a href="{{ .provider_url }}{{ .video_id }}" target="_blank"> {{ $thumb := .thumbnail_url }} {{ $original := $thumb | replaceRE "(_.*\\.)" "." }} <img src="{{ $thumb }}" srcset="{{ $thumb }} 1x, {{ $original }} 2x" alt="{{ .title }}"> |