From 1a247e1889ede0401534ca6cfdb44662b5fc234f Mon Sep 17 00:00:00 2001
From: Mischa
Date: Fri, 19 Jun 2026 23:12:47 +0200
Subject: [PATCH] fix: story template-story class, datetime attr, imageName escaping, raw content comments
Co-Authored-By: Claude Sonnet 4.6
Claude-Session: https://claude.ai/code/session_01Vgmzx8VTTTmCskSpQtsLTr
---
 plugins/story-blocks/shortcodes/ChapterBreakShortcode.php | 2 +-
 plugins/story-blocks/shortcodes/PullQuoteShortcode.php | 4 ++--
 plugins/story-blocks/shortcodes/ScrollySectionShortcode.php | 4 ++--
 plugins/story-blocks/shortcodes/SnapGalleryShortcode.php | 2 +-
 themes/intotheeast/templates/partials/base.html.twig | 2 +-
 themes/intotheeast/templates/stories.html.twig | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/plugins/story-blocks/shortcodes/ChapterBreakShortcode.php b/plugins/story-blocks/shortcodes/ChapterBreakShortcode.php
index 5a6edc8..2ebb813 100644
--- a/plugins/story-blocks/shortcodes/ChapterBreakShortcode.php
+++ b/plugins/story-blocks/shortcodes/ChapterBreakShortcode.php
@@ -11,7 +11,7 @@ class ChapterBreakShortcode extends Shortcode
 $plugin = $this->grav['plugins']->getPlugin('story-blocks');
 $page = $plugin ? $plugin->getCurrentPage() : null;
- $imageName = $sc->getParameter('image', '');
+ $imageName = htmlspecialchars($sc->getParameter('image', ''), ENT_QUOTES);
 $title = htmlspecialchars($sc->getParameter('title', ''), ENT_QUOTES);
 $number = htmlspecialchars($sc->getParameter('number', ''), ENT_QUOTES);
 $alt = htmlspecialchars($sc->getParameter('alt', $title), ENT_QUOTES);
diff --git a/plugins/story-blocks/shortcodes/PullQuoteShortcode.php b/plugins/story-blocks/shortcodes/PullQuoteShortcode.php
index 4401f7d..78e5981 100644
--- a/plugins/story-blocks/shortcodes/PullQuoteShortcode.php
+++ b/plugins/story-blocks/shortcodes/PullQuoteShortcode.php
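Review bot: Wrapping `$imageName` in `htmlspecialchars()` on the added line escapes for an HTML attribute context, but the value is then joined into a path (`$page->url() . '/' . $imageName` in the PullQuote and ScrollySection hunks, `$baseUrl . $filename` in SnapGallery), where it neither URL-encodes the segment nor stops a `..` or leading `/` from pointing outside the page folder. Escaping belongs where the finished URL is written into the tag; at this line the useful check is on the name itself, e.g. `$imageName = basename((string) $sc->getParameter('image', ''));` if images are always page-relative files (the join suggests so, but the ScrollySection fallback `: $imageName` may also carry a full URL, so confirm), with `rawurlencode($imageName)` in the join and `htmlspecialchars` applied to the completed `$imageUrl` at emission. Passing `ENT_QUOTES` alone also replaces PHP 8.1's default `ENT_QUOTES | ENT_SUBSTITUTE`, so a parameter containing invalid UTF-8 silently becomes an empty string and the image is dropped without any signal; `ENT_QUOTES | ENT_SUBSTITUTE` with an explicit `'UTF-8'` avoids that. The same applies to the PullQuote, ScrollySection and SnapGallery hunks; the method body continues outside this hunk.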
@@ -11,9 +11,9 @@ class PullQuoteShortcode extends Shortcode
 $plugin = $this->grav['plugins']->getPlugin('story-blocks');
 $page = $plugin ? $plugin->getCurrentPage() : null;
- $imageName = $sc->getParameter('image', '');
+ $imageName = htmlspecialchars($sc->getParameter('image', ''), ENT_QUOTES);
 $alt = htmlspecialchars($sc->getParameter('alt', ''), ENT_QUOTES);
- $content = trim($sc->getContent());
+ $content = trim($sc->getContent()); // ShortcodeCore renders inner Markdown to HTML; trusted author content
 $imageUrl = ($page && $imageName) ? $page->url() . '/' . $imageName : '';
 $bgHtml = '';
diff --git a/plugins/story-blocks/shortcodes/ScrollySectionShortcode.php b/plugins/story-blocks/shortcodes/ScrollySectionShortcode.php
index 077829e..736f47e 100644
--- a/plugins/story-blocks/shortcodes/ScrollySectionShortcode.php
+++ b/plugins/story-blocks/shortcodes/ScrollySectionShortcode.php
@@ -11,10 +11,10 @@ class ScrollySectionShortcode extends Shortcode
 $plugin = $this->grav['plugins']->getPlugin('story-blocks');
 $page = $plugin ? $plugin->getCurrentPage() : null;
- $imageName = $sc->getParameter('image', '');
+ $imageName = htmlspecialchars($sc->getParameter('image', ''), ENT_QUOTES);
 $alt = htmlspecialchars($sc->getParameter('alt', ''), ENT_QUOTES);
 $caption = htmlspecialchars($sc->getParameter('caption', ''), ENT_QUOTES);
- $content = $sc->getContent(); /* raw inner content — Scrollama JS splits on
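Review bot: The new comment on `$content` states that the inner content is trusted but not where that trust boundary lies, so a later reader cannot tell whether the assumption still holds once shortcodes appear in content written by less privileged editors. Name the boundary rather than the verdict, e.g. `// raw HTML from ShortcodeCore's Markdown rendering; the page author is the trust boundary` followed by `// (adds no new sink only if page Markdown already permits raw HTML, as Grav does by default — confirm)`. The same comment is added in the ScrollySection hunk. The method body continues outside this hunk.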
*/
+ $content = $sc->getContent(); // ShortcodeCore renders inner Markdown to HTML; trusted author content
 $imageUrl = ($page && $imageName) ? $page->url() . '/' . $imageName : $imageName;
 $captionHtml = $caption
diff --git a/plugins/story-blocks/shortcodes/SnapGalleryShortcode.php b/plugins/story-blocks/shortcodes/SnapGalleryShortcode.php
index 7e83bf1..3357687 100644
--- a/plugins/story-blocks/shortcodes/SnapGalleryShortcode.php
+++ b/plugins/story-blocks/shortcodes/SnapGalleryShortcode.php
@@ -21,7 +21,7 @@ class SnapGalleryShortcode extends Shortcode
 foreach ($images as $i => $filename) {
 if (!$filename) continue;
- $url = $baseUrl . $filename;
+ $url = $baseUrl . htmlspecialchars($filename, ENT_QUOTES);
 $caption = htmlspecialchars($captions[$i] ?? '', ENT_QUOTES);
 $alt = htmlspecialchars($alts[$i] ?? '', ENT_QUOTES);
 $eager = $i === 0 ? 'eager' : 'lazy';
diff --git a/themes/intotheeast/templates/partials/base.html.twig b/themes/intotheeast/templates/partials/base.html.twig
index ba860f4..a97cc43 100644
--- a/themes/intotheeast/templates/partials/base.html.twig
+++ b/themes/intotheeast/templates/partials/base.html.twig
@@ -12,7 +12,7 @@
 {{ assets.css()|raw }}
 {{ assets.js()|raw }}
- +
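Review bot: The replacement comment on `$content` drops the one behaviour the old comment documented — that the content is deliberately left untrimmed because the Scrollama JS splits it on a delimiter (the delimiter text itself did not survive in this copy of the patch). The PullQuote hunk trims its content and this one does not, so the reason should stay on the line, e.g. `// untrimmed on purpose: Scrollama JS splits this on <DELIMITER — restore from the old comment>` followed by `// ShortcodeCore has already rendered the Markdown; the page author is the trust boundary`. The method body continues outside this hunk.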