Page breaks if title contains single quotes

[grikomsn]

Hi there, big fan of the project!

Apparently when trying to deploy using a title with single quotes (e.g. My Family's Photo Stream), the page breaks on this particular JavaScript part:

photo-stream/_includes/javascript.html

Lines 50 to 68 in 609375a

	const shareImage = (title, url) => {
	if (navigator.canShare) {
	const shareData = {
	title: title,
	text: 'I found a cool photo over at {{ site.env.TITLE }}! Check it out!',
	url: url
	}
	navigator.share(shareData)
	} else {
	navigator.clipboard.writeText(`I found a cool photo over at {{ site.env.TITLE }}! Check it out!\n\n${window.location.origin}${url}`);
	Toastify({
	text: "Copied to clipboard",
	duration: 3000,
	style: {
	background: "rgba(0, 0, 0, 0.7)"
	}
	}).showToast();
	}
	}

Note on line 54, title is directly used without escaping or sanitizing the quotes. I am not familiar with Jekyll or Ruby, but should there be a way to escape or sanitize env values before usage? Maybe using xml_escape¹?

- text: 'I found a cool photo over at {{ site.env.TITLE }}! Check it out!',
+ text: 'I found a cool photo over at {{ site.env.TITLE | xml_escape }}! Check it out!',

Footnotes

1. https://jekyllrb.com/docs/liquid/filters/ ↩

[boerniee]

Hey @grikomsn
good finding! I would prefer to simply just replace the single tick by a escaped single tick ('). If we use the escape filter, you would get the html encoded single tick (') in your share message.
Whats your opinion on that @waschinski?

[waschinski]

I agree, simply escaping single (and probably double ticks) should be fine. I don't know what smartify does it might be worth checking that out.

[boerniee]

smartify works and is the best solution for this problem. It replaces the single tick by an apostrophe.