PLANET-7630: render special chars when post is shared #2893
PLANET-7630: render special chars when post is shared #2893GP-Dan-Tovbein wants to merge 5 commits intomainfrom
Conversation
/unhold 492b7730-0b10-4932-9b4d-031237c4b548
Test instance is ready 🚀🌑 nix | admin | blocks report | CircleCI | composer-local.json ⌚ 2026.02.24 05:09:06 |
/unhold 05b5cf1d-c422-4804-ac1a-268becd3f631
- Render just raw the content
- Standarize title content
- Make the variable safe
20c7396 to
61635fc
Compare
/unhold 3b10c28a-63f5-44ed-8a6e-206332ba0cfb
templates/blocks/meta_fields.twig
Outdated
|
|
||
| <meta name="title" content="{{ title|e('html_attr')|raw }}"/> | ||
| <meta property="og:title" content="{{ title|e('html_attr')|raw }}" /> | ||
| {% set title = title|replace({'`': "'"})|raw %} |
There was a problem hiding this comment.
We might need to replace backticks with ' to avoid XSS atacks.
|
Code-wise, the fix looks good to me 👍 However, I would suggest doing UAT with an NRO person who reported the issue, as there may be additional cases involving special characters (such as &) that could still affect social sharing. |
- Move title logic to PHP instead of Twig
/unhold 90d2b9f1-bf9f-4220-82cd-fffbe5da3187
|
I am checking this page preview on Twitter (I am not aware of any official tool if exist to test this, but for now using the one below) -
The special characters in the title are breaking social share previews. |
Remove unnecesary comments
/unhold 9a4e6b64-2707-4965-b401-05a75122ecfe
/unhold 6ade0555-31a2-4cd4-a3bd-e9f113ebda8d
I'm getting a different result
|




Summary
Render just raw the content and prevent XSS atacks.
Please check the reported issue on Slack https://greenpeace.slack.com/archives/C0151L0KKNX/p1770909176985789
After

Ref: https://greenpeace-planet4.atlassian.net/browse/PLANET-7630
Testing