Skip to content

Commit

Permalink
escape titles that weren't (#3514)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ludoboludo @dan-menard
ludoboludo authored and dan-menard committed Jul 3, 2024
1 parent 4331aed commit a819d0a
Show file tree
Hide file tree
Showing 6 changed files with 54 additions and 30 deletions.
4 changes: 2 additions & 2 deletions sections/footer.liquid
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@
href="{{ link.url }}"
class="link link--text list-menu__item list-menu__item--link{% if link.active %} list-menu__item--active{% endif %}"
>
{{ link.title }}
{{ link.title | escape }}
</a>
</li>
{%- endfor -%}
Expand Down Expand Up @@ -303,7 +303,7 @@
{%- if policy != blank -%}
<li>
<small class="copyright__content"
><a href="{{ policy.url }}">{{ policy.title }}</a></small
><a href="{{ policy.url }}">{{ policy.title | escape }}</a></small
>
</li>
{%- endif -%}
Expand Down
2 changes: 1 addition & 1 deletion sections/main-article.liquid
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@
<div class="article-template__back element-margin-top center{% if settings.animations_reveal_on_scroll %} scroll-trigger animate--slide-in{% endif %}">
<a href="{{ blog.url }}" class="article-template__link link animate-arrow">
<span class="icon-wrap">{% render 'icon-arrow' %}</span>
{{ 'blogs.article.back_to_blog' | t: title: blog.title }}
{{ 'blogs.article.back_to_blog' | t: title: blog.title | escape }}
</a>
</div>
{%- if blog.comments_enabled? -%}
Expand Down
26 changes: 19 additions & 7 deletions sections/main-cart-footer.liquid
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
{%- for discount in cart.cart_level_discount_applications -%}
<li class="discounts__discount discounts__discount--position">
{%- render 'icon-discount' -%}
{{ discount.title }}
{{ discount.title | escape }}
(-{{ discount.total_allocated_amount | money }})
</li>
{%- endfor -%}
Expand All @@ -68,25 +68,37 @@
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.duties_and_taxes_included_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.duties_and_taxes_included_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{%- endif -%}
{{
'sections.cart.duties_and_taxes_included_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- elsif cart.duties_included == false and cart.taxes_included -%}
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.taxes_included_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.taxes_included_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{%- endif -%}
{{
'sections.cart.taxes_included_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- elsif cart.duties_included and cart.taxes_included == false -%}
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.duties_included_taxes_at_checkout_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.duties_included_taxes_at_checkout_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{{
'sections.cart.duties_included_taxes_at_checkout_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- elsif cart.duties_included == false and cart.taxes_included == false -%}
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.taxes_at_checkout_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.taxes_at_checkout_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{{
'sections.cart.taxes_at_checkout_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- endif -%}
</small>
Expand Down
4 changes: 2 additions & 2 deletions sections/main-cart-items.liquid
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@
{%- for discount in item.line_level_discount_allocations -%}
<li class="discounts__discount">
{%- render 'icon-discount' -%}
{{ discount.discount_application.title }}
{{ discount.discount_application.title | escape }}
</li>
{%- endfor -%}
</ul>
Expand Down Expand Up @@ -281,7 +281,7 @@
<a
href="{{ item.url_to_remove }}"
class="button button--tertiary"
aria-label="{{ 'sections.cart.remove_title' | t: title: item.title }}"
aria-label="{{ 'sections.cart.remove_title' | t: title: item.title | escape }}"
>
{% render 'icon-remove' %}
</a>
Expand Down
20 changes: 10 additions & 10 deletions sections/main-order.liquid
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,16 +61,16 @@
>
<div>
{%- if line_item.url != blank -%}
<a href="{{ line_item.url }}">{{ line_item.title }}</a>
<a href="{{ line_item.url }}">{{ line_item.title | escape }}</a>
{%- else -%}
<p>{{ line_item.title }}</p>
<p>{{ line_item.title | escape }}</p>
{%- endif -%}
{%- assign property_size = line_item.properties | size -%}
{%- unless line_item.selling_plan_allocation == null and property_size == 0 -%}
<div class="properties">
{%- unless line_item.product.has_only_default_variant -%}
<span>
{{ line_item.variant.title }}
{{ line_item.variant.title | escape }}
</span>
{%- endunless -%}
{%- unless line_item.selling_plan_allocation == null -%}
Expand Down Expand Up @@ -103,7 +103,7 @@
<svg aria-hidden="true" focusable="false" viewBox="0 0 12 12">
<use href="#icon-discount" />
</svg>
{{- discount_allocation.discount_application.title }} (-
{{- discount_allocation.discount_application.title | escape }} (-
{{- discount_allocation.amount | money -}}
)
</li>
Expand Down Expand Up @@ -245,7 +245,7 @@
<svg aria-hidden="true" focusable="false" viewBox="0 0 12 12">
<use href="#icon-discount" />
</svg>
{{- discount_application.title -}}
{{- discount_application.title | escape -}}
</span>
</td>
<td headers="RowDiscount" role="cell" data-label="{{ 'customer.order.discount' | t }}">
Expand All @@ -255,7 +255,7 @@
<svg aria-hidden="true" focusable="false" viewBox="0 0 12 12">
<use href="#icon-discount" />
</svg>
{{- discount_application.title -}}
{{- discount_application.title | escape -}}
</span>
</div>
</td>
Expand All @@ -265,12 +265,12 @@
{%- for shipping_method in order.shipping_methods -%}
<tr role="row">
<td id="RowShipping" role="rowheader" scope="row" colspan="4">
{{ 'customer.order.shipping' | t }} ({{ shipping_method.title }})
{{ 'customer.order.shipping' | t }} ({{ shipping_method.title | escape }})
</td>
<td
headers="RowShipping"
role="cell"
data-label="{{ 'customer.order.shipping' | t }} ({{ shipping_method.title }})"
data-label="{{ 'customer.order.shipping' | t }} ({{ shipping_method.title | escape }})"
>
{{ shipping_method.price | money }}
</td>
Expand All @@ -279,13 +279,13 @@
{%- for tax_line in order.tax_lines -%}
<tr role="row">
<td id="RowTax" role="rowheader" scope="row" colspan="4">
{{ 'customer.order.tax' | t }} ({{ tax_line.title }}
{{ 'customer.order.tax' | t }} ({{ tax_line.title | escape }}
{{ tax_line.rate | times: 100 }}%)
</td>
<td
headers="RowTax"
role="cell"
data-label="{{ 'customer.order.tax' | t }} ({{ tax_line.title }} {{ tax_line.rate | times: 100 }}%)"
data-label="{{ 'customer.order.tax' | t }} ({{ tax_line.title | escape }} {{ tax_line.rate | times: 100 }}%)"
>
{{ tax_line.price | money }}
</td>
Expand Down
28 changes: 20 additions & 8 deletions snippets/cart-drawer.liquid
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@
<button
type="button"
class="button button--tertiary cart-remove-button"
aria-label="{{ 'sections.cart.remove_title' | t: title: item.title }}"
aria-label="{{ 'sections.cart.remove_title' | t: title: item.title | escape }}"
data-variant-id="{{ item.variant.id }}"
>
{% render 'icon-remove' %}
Expand Down Expand Up @@ -479,7 +479,7 @@
{%- for discount in cart.cart_level_discount_applications -%}
<li class="discounts__discount discounts__discount--end">
{%- render 'icon-discount' -%}
{{ discount.title }}
{{ discount.title | escape }}
(-{{ discount.total_allocated_amount | money }})
</li>
{%- endfor -%}
Expand All @@ -497,25 +497,37 @@
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.duties_and_taxes_included_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.duties_and_taxes_included_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{%- endif -%}
{{
'sections.cart.duties_and_taxes_included_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- elsif cart.duties_included == false and cart.taxes_included -%}
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.taxes_included_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.taxes_included_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{%- endif -%}
{{
'sections.cart.taxes_included_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- elsif cart.duties_included and cart.taxes_included == false -%}
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.duties_included_taxes_at_checkout_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.duties_included_taxes_at_checkout_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{{
'sections.cart.duties_included_taxes_at_checkout_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- elsif cart.duties_included == false and cart.taxes_included == false -%}
{%- if shop.shipping_policy.body == blank -%}
{{ 'sections.cart.taxes_at_checkout_shipping_at_checkout_without_policy' | t }}
{%- else -%}
{{ 'sections.cart.taxes_at_checkout_shipping_at_checkout_with_policy_html' | t: link: shop.shipping_policy.url }}
{{
'sections.cart.taxes_at_checkout_shipping_at_checkout_with_policy_html'
| t: link: shop.shipping_policy.url
}}
{%- endif -%}
{%- endif -%}
</small>
Expand Down

0 comments on commit a819d0a

Please sign in to comment.