Skip to content

Commit 3dbe015

Browse files
richarddushimericharddushime
authored
Fix JSON-LD escaping on Clusters pages (unparsable structured data) (#740)
* Fix JSON-LD escaping on Clusters pages (unparsable structured data) * sec harden
1 parent bd02cde commit 3dbe015

2 files changed

Lines changed: 10 additions & 4 deletions

File tree

layouts/partials/clusters/cluster_seo_jsonld.html

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,12 @@
55

66
{{ $summary := $p.Params.summary | default $p.Description | default "" }}
77
{{ if eq $summary "" }}
8-
{{ with $c.description }}{{ $summary = plainify . | truncate 300 "…" }}{{ end }}
8+
{{ with $c.description }}{{ $summary = . }}{{ end }}
99
{{ end }}
1010
{{ if eq $summary "" }}{{ $summary = printf "FORRT Cluster %d: %s." (int $c.number) $c.name }}{{ end }}
11+
{{ $summary = plainify $summary | truncate 300 "…" }}
12+
{{/* Defense-in-depth: prevent literal </script from terminating the tag */}}
13+
{{ $summary = replaceRE "(?i)</script" "<\\/script" $summary }}
1114

1215
{{ $hubURL := "clusters/" | absURL }}
1316

@@ -24,4 +27,4 @@
2427

2528
{{ $graph := slice $webpage $breadcrumb }}
2629
{{ $root := dict "@context" "https://schema.org" "@graph" $graph }}
27-
<script type="application/ld+json">{{ $root | jsonify | safeHTML }}</script>
30+
<script type="application/ld+json">{{ $root | jsonify | safeJS }}</script>

layouts/partials/clusters/seo_jsonld.html

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,12 @@
44

55
{{ $summary := .Params.summary | default .Description | default "" }}
66
{{ if eq $summary "" }}
7-
{{ with .Summary }}{{ $summary = plainify . | truncate 300 "…" }}{{ end }}
7+
{{ with .Summary }}{{ $summary = . }}{{ end }}
88
{{ end }}
99
{{ if eq $summary "" }}{{ $summary = "FORRT open science clusters taxonomy for educators and researchers." }}{{ end }}
10+
{{ $summary = plainify $summary | truncate 300 "…" }}
11+
{{/* Defense-in-depth: prevent literal </script from terminating the tag */}}
12+
{{ $summary = replaceRE "(?i)</script" "<\\/script" $summary }}
1013

1114
{{ $elements := slice }}
1215
{{ range $i, $c := $data.clusters }}
@@ -27,4 +30,4 @@
2730
{{ $itemlist := dict "@type" "ItemList" "@id" (printf "%s#itemlist" .Permalink) "name" "FORRT Open Science Clusters" "description" "Full taxonomy of open and reproducible science clusters with sub-clusters and teaching references." "numberOfItems" (len $data.clusters) "itemListElement" $elements }}
2831
{{ $graph := slice $webpage $itemlist }}
2932
{{ $root := dict "@context" "https://schema.org" "@graph" $graph }}
30-
<script type="application/ld+json">{{ $root | jsonify | safeHTML }}</script>
33+
<script type="application/ld+json">{{ $root | jsonify | safeJS }}</script>

0 commit comments

Comments
 (0)