
Commit cb1b774

Add escaping on meta properties for open graph
Fixes issue where double quotes can bleed through the HTML attribute
1 parent 148d6cc commit cb1b774

File tree

1 file changed

+2
-2
lines changed
  • app/code/Magento/Catalog/view/frontend/templates/product/view/opengraph

app/code/Magento/Catalog/view/frontend/templates/product/view/opengraph/general.phtml

Lines changed: 2 additions & 2 deletions
@@ -9,11 +9,11 @@
99

1010
<meta property="og:type" content="product" />
1111
<meta property="og:title"
12-
content="<?= /* @noEscape */ $block->stripTags($block->getProduct()->getName()) ?>" />
12+
content="<?= $block->escapeHtmlAttr($block->stripTags($block->getProduct()->getName())) ?>" />
1313
<meta property="og:image"
1414
content="<?= $block->escapeUrl($block->getImage($block->getProduct(), 'product_base_image')->getImageUrl()) ?>" />
1515
<meta property="og:description"
16-
content="<?= /* @noEscape */ $block->stripTags($block->getProduct()->getShortDescription()) ?>" />
16+
content="<?= $block->escapeHtmlAttr($block->stripTags($block->getProduct()->getShortDescription())) ?>" />
1717
<meta property="og:url" content="<?= $block->escapeUrl($block->getProduct()->getProductUrl()) ?>" />
1818
<?php if ($priceAmount = $block->getProduct()->getPriceInfo()->getPrice(\Magento\Catalog\Pricing\Price\FinalPrice::PRICE_CODE)->getAmount()) :?>
1919
<meta property="product:price:amount" content="<?= $block->escapeHtmlAttr($priceAmount) ?>"/>
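
Review bot: The escaping added to og:title (line 12) and og:description (line 16) comes with no test; this commit touches only general.phtml. Please add a test that renders the template for a product whose name and short description contain a double quote and asserts that the quote does not end the content attribute early. It is also worth confirming what stripTags returns for text that already holds HTML entities, because escapeHtmlAttr will encode the ampersand again and consumers of the Open Graph tags would then see a literal entity such as &quot; in the title. Wrapping stripTags in escapeHtmlAttr, in that order, is consistent with how the neighbouring product:price:amount line is already escaped.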
