Commit 3c825b7
fix: decode HTML entities in anchor modal title
The modal heading extracted the <h1> text via regex from rendered
HTML (which contains &amp;) and set it as textContent, so anchors
like "Plain English according to Strunk & White" showed the literal
"&amp;". Parse via DOMParser instead so the browser decodes entities;
DOMParser is parse-don't-execute (no XSS risk). The share-link title,
which reads from #modal-title, is fixed by the same change.
Adds a regression test that fails on the old regex path.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

1 parent bd1a8a4 commit 3c825b7
2 files changed
Lines changed: 19 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
238 | 238 | | |
239 | 239 | | |
240 | 240 | | |
241 | | - | |
242 | | - | |
243 | | - | |
| 241 | + | |
| 242 | + | |
| 243 | + | |
| 244 | + | |
| 245 | + | |
| 246 | + | |
244 | 247 | | |
245 | 248 | | |
246 | 249 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
129 | 129 | | |
130 | 130 | | |
131 | 131 | | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
132 | 145 | | |
133 | 146 | | |
134 | 147 | | |
| |||