fix: htmlencode titles before rendering the static html index and detail

2025-05-28 05:34:14 -04:00 · 2020-07-16 09:20:33 -05:00 · 2020-07-16 09:20:33 -05:00 · f845224d6f
commit f845224d6f
parent 175e6fa3d0
3 changed files with 715 additions and 2 deletions
--- a/archivebox/index/html.py
+++ b/archivebox/index/html.py
@ -90,7 +90,7 @@ def main_index_row_template(link: Link) -> str:
        **link._asdict(extended=True),
        
        # before pages are finished archiving, show loading msg instead of title
-        'title': (
+        'title': htmlencode(
            link.title
            or (link.base_url if link.is_archived else TITLE_LOADING_MSG)
        ),
@ -129,7 +129,7 @@ def link_details_template(link: Link) -> str:
    return render_legacy_template(LINK_DETAILS_TEMPLATE, {
        **link_info,
        **link_info['canonical'],
-        'title': (
+        'title': htmlencode(
            link.title
            or (link.base_url if link.is_archived else TITLE_LOADING_MSG)
        ),