Sanitize YAML data

Author: meiamsome

_jekyll/includes/3-modules/link-list.html

@@ -8,16 +8,16 @@
     - author[.name] string|Author   The author's name of the linked content.
     - author.url string             The author's URL of the linked content.
     - source string                 Link to the source code of the link's destination.
-  
+
   Parameters:
     title string    The title of this list of links.
     link Link[]     The link objects to display in the list.
     class string    A CSS class that should be applied to the list's container.
 {% endcomment %}
 
 
-<div class="link-list {{ include.class }}">
-  <h3>{{ include.title }}</h3>
+<div class="link-list {{ include.class | xml_escape }}">
+  <h3>{{ include.title | xml_escape }}</h3>
   <ul>
     {% for link in include.links %}
       <li>
@@ -36,7 +36,7 @@ <h3>{{ include.title }}</h3>
           {% assign url = link.url %}
         {% endif %}
 
-          
+
         {% comment %} Generate link based on its destination (internal or external). {% endcomment %}
         {% if url contains 'http://' or url contains 'https://' %}
 
@@ -49,16 +49,16 @@ <h3>{{ include.title }}</h3>
         {% else %}
 
           {% comment %} No link, just show the text. {% endcomment %}
-          <span class="fake-link">{{ link.title }}</span>
+          <span class="fake-link">{{ link.title | xml_escape }}</span>
         {% endif %}
 
 
         {% comment %} Link to the destination's author. {% endcomment %}
         {% if link.author %}
           {% if link.author.url %}
-            <i>by <a href="{{ link.author.url }}" target="blank">{{ link.author.name }}</a></i>
+            <i>by <a href="{{ link.author.url }}" target="blank">{{ link.author.name | xml_escape }}</a></i>
           {% else %}
-            <i>by {{ link.author.name | default: link.author }}</i>
+            <i>by {{ link.author.name | default: link.author | xml_escape }}</i>
           {% endif %}
         {% endif %}
 

_jekyll/includes/3-modules/video-card.html

@@ -38,7 +38,7 @@
       </div>
 
       {% comment %} Video title. {% endcomment %}
-      <h3>{{ include.video.title }}</h3>
+      <h3>{{ include.video.title | xml_escape }}</h3>
 
       {% comment %} Release date. {% endcomment %}
       {% if include.video.date > site.time %}

_jekyll/layouts/base.html

@@ -24,7 +24,7 @@ <h2>Sorry, but this videos hasn't been processed yet</h2>
         {% else %}
 
           {% if page.title %}
-            <h2>{{ page.title }}</h2>
+            <h2>{{ page.title | xml_escape }}</h2>
           {% endif %}
 
           {{ content }}

_jekyll/layouts/series-index.html

@@ -5,7 +5,7 @@
 <div class="series-index">
   {% comment %} Extract the path of this series. {% endcomment %}
   {% assign thisSeriesPath = page.path | remove: '/index.md' | append: '/' %}
-  
+
   {% comment %} Only select videos that are in this series. {% endcomment %}
   {% assign videos = site[page.collection] %}
   {% include 1-tools/sort-videos.html videos=videos seriesPage=page %}
@@ -30,7 +30,7 @@
       {% endif %}
     {% endunless %}
 
-    {{ page.subtitle }}
+    {{ page.subtitle | xml_escape }}
   </div>
 
   {% comment %} Show the series description. {% endcomment %}
@@ -43,7 +43,7 @@
     {% assign seriesIndexPages = videos | where: 'layout', 'series-index'
                                         | where_exp: 'seriesIndex', 'seriesIndex.path != page.path'
                                         | sort: 'series_number' %}
-    
+
     {% comment %} Show the first three videos for every series ... {% endcomment %}
     {% for seriesIndexPage in seriesIndexPages %}