From 36271d15f518b54a6e6065eff9b73769db6a5c5c Mon Sep 17 00:00:00 2001
From: Pander <198964+PanderMusubi@users.noreply.github.com>
Date: Fri, 11 Jul 2025 03:43:17 +0200
Subject: [PATCH] Additional HTML escaping for titles and metadata (#5276)
---
CHANGELOG.md | 2 ++
_includes/footer.html | 4 ++--
_includes/masthead.html | 4 ++--
_includes/seo.html | 6 +++---
4 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ab35a7d0..5d589e87 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
# Changelog
+- Add HTML escaping for some titles, labels and metada that was missing.
+
## [4.27.1](https://github.com/mmistakes/minimal-mistakes/releases/tag/4.27.1)
### Enhancements
diff --git a/_includes/footer.html b/_includes/footer.html
index 2b2b7ee1..cde75d2f 100644
--- a/_includes/footer.html
+++ b/_includes/footer.html
@@ -7,7 +7,7 @@
{% if site.footer.links %}
{% for link in site.footer.links %}
{% if link.label and link.url %}
- {{ link.label }}
+ {{ link.label | escape_once | strip }}
{% endif %}
{% endfor %}
{% endif %}
@@ -18,4 +18,4 @@
-
+
diff --git a/_includes/masthead.html b/_includes/masthead.html
index f919fb77..c97b2aa3 100644
--- a/_includes/masthead.html
+++ b/_includes/masthead.html
@@ -8,8 +8,8 @@
{% endunless %}
- {{ site.masthead_title | default: site.title }}
- {% if site.subtitle %}{{ site.subtitle }}{% endif %}
+ {{ site.masthead_title | default: site.title | escape_once | strip }}
+ {% if site.subtitle %}{{ site.subtitle | escape_once | strip }}{% endif %}
{%- for link in site.data.navigation.main -%}
diff --git a/_includes/seo.html b/_includes/seo.html
index e500c6f3..1e04a261 100644
--- a/_includes/seo.html
+++ b/_includes/seo.html
@@ -39,15 +39,15 @@
{% if author.name %}
-
+
{% if og_type == "article" %}
-
+
{% endif %}
{% endif %}
-
+