svemagie/indiekit-endpoint-microsub
1
0
Fork 0
mirror of https://github.com/svemagie/indiekit-endpoint-microsub.git synced 2026-04-02 15:35:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: decode HTML entities in feed titles to prevent literal display

Browse Source 
Feedparser passes through HTML entities (“, ’, etc.) as
literal strings in item titles. Nunjucks auto-escaping then double-encodes
them, causing entities to render literally in the reader UI.

Apply sanitizeHtml with no allowed tags to decode entities in title fields
across RSS/Atom, JSON Feed, and feed metadata normalizers.
This commit is contained in:
Ricardo
2026-02-24 14:20:55 +01:00
parent 114998bf03
commit b4d2b7418d
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/feeds/normalizer.js
View File

@@ -150,7 +150,9 @@ export function normalizeItem(item, feedUrl, feedType) {
type: "entry",
uid,
url,
name: item.title || undefined,
name: item.title
? sanitizeHtml(item.title, { allowedTags: [] }).trim()
: undefined,
published: toISOStringSafe(item.pubdate),
updated: toISOStringSafe(item.date),
_source: {
@@ -241,7 +243,9 @@ export function normalizeItem(item, feedUrl, feedType) {
*/
export function normalizeFeedMeta(meta, feedUrl) {
const normalized = {
name: meta.title || feedUrl,
name: meta.title
? sanitizeHtml(meta.title, { allowedTags: [] }).trim()
: feedUrl,
};
if (meta.description) {
@@ -303,7 +307,9 @@ export function normalizeJsonFeedItem(item, feedUrl) {
type: "entry",
uid,
url,
name: item.title || undefined,
name: item.title
? sanitizeHtml(item.title, { allowedTags: [] }).trim()
: undefined,
published: item.date_published
? new Date(item.date_published).toISOString()
: undefined,
@@ -400,7 +406,9 @@ export function normalizeJsonFeedItem(item, feedUrl) {
*/
export function normalizeJsonFeedMeta(feed, feedUrl) {
const normalized = {
name: feed.title || feedUrl,
name: feed.title
? sanitizeHtml(feed.title, { allowedTags: [] }).trim()
: feedUrl,
};
if (feed.description) {

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@rmdes/indiekit-endpoint-microsub",
"version": "1.0.33",
"version": "1.0.34",
"description": "Microsub endpoint for Indiekit. Enables subscribing to feeds and reading content using the Microsub protocol.",
"keywords": [
"indiekit",