fix meta tags by hatemhosny · Pull Request #936 · live-codes/livecodes

hatemhosny · 2026-02-08T15:43:11Z

Summary by CodeRabbit

Bug Fixes
- Improved handling of special characters in page title and description by properly encoding dynamic metadata content.

netlify · 2026-02-08T15:43:27Z

✅ Deploy Preview for livecodes ready!

Name	Link
🔨 Latest commit	`b347082`
🔍 Latest deploy log	https://app.netlify.com/projects/livecodes/deploys/6988af12d65b9500084ad49b
😎 Deploy Preview	https://deploy-preview-936--livecodes.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

sonarqubecloud · 2026-02-08T15:44:37Z

Quality Gate passed

Issues
0 New issues
5 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-actions · 2026-02-08T15:45:18Z

Size Change: -225 B (-0.02%)

Total Size: 1.02 MB

ℹ️ View Unchanged

Filename	Size	Change
`./build/404.html`	1 kB	0 B
`./build/app.html`	250 B	0 B
`./build/index.html`	2.46 kB	0 B
`./build/livecodes/app.css`	22.5 kB	0 B
`./build/livecodes/app.js`	112 kB	+38 B (+0.03%)
`./build/livecodes/assets.js`	8.62 kB	-15 B (-0.17%)
`./build/livecodes/assets/noop.js`	18 B	0 B
`./build/livecodes/assets/templates/diagrams-starter.html`	2.19 kB	0 B
`./build/livecodes/backup.js`	3.73 kB	+4 B (+0.11%)
`./build/livecodes/blockly.js`	13.4 kB	0 B
`./build/livecodes/broadcast.js`	1.19 kB	0 B
`./build/livecodes/bundle-types.js`	4.36 kB	0 B
`./build/livecodes/code-to-image.js`	9.11 kB	+4 B (+0.04%)
`./build/livecodes/codejar.js`	17.6 kB	0 B
`./build/livecodes/codemirror.js`	6.37 kB	0 B
`./build/livecodes/compile.page.js`	2.4 kB	0 B
`./build/livecodes/compile.worker.js`	14.5 kB	0 B
`./build/livecodes/compiler-utils.js`	3.17 kB	0 B
`./build/livecodes/custom-editor-utils.js`	198 B	0 B
`./build/livecodes/deploy.js`	6.87 kB	-31 B (-0.45%)
`./build/livecodes/editor-settings.js`	17.9 kB	-30 B (-0.17%)
`./build/livecodes/embed-ui.js`	5.54 kB	-6 B (-0.11%)
`./build/livecodes/embed.js`	89.9 kB	-147 B (-0.16%)
`./build/livecodes/export.js`	3.89 kB	0 B
`./build/livecodes/firebase.js`	22.7 kB	0 B
`./build/livecodes/format.worker.js`	13.6 kB	0 B
`./build/livecodes/google-fonts.js`	7.12 kB	0 B
`./build/livecodes/headless.js`	78.6 kB	-64 B (-0.08%)
`./build/livecodes/i18n-ar-language-info.json`	5.34 kB	0 B
`./build/livecodes/i18n-ar-translation.json`	9.34 kB	0 B
`./build/livecodes/i18n-bn-language-info.json`	5.76 kB	0 B
`./build/livecodes/i18n-bn-translation.json`	9.69 kB	0 B
`./build/livecodes/i18n-de-language-info.json`	5.4 kB	0 B
`./build/livecodes/i18n-de-translation.json`	9.45 kB	0 B
`./build/livecodes/i18n-en-language-info.json`	4.63 kB	0 B
`./build/livecodes/i18n-en-translation.json`	8.1 kB	0 B
`./build/livecodes/i18n-es-language-info.json`	5.12 kB	0 B
`./build/livecodes/i18n-es-translation.json`	9.17 kB	0 B
`./build/livecodes/i18n-fa-language-info.json`	5.52 kB	0 B
`./build/livecodes/i18n-fa-translation.json`	9.49 kB	0 B
`./build/livecodes/i18n-fr-language-info.json`	5.31 kB	0 B
`./build/livecodes/i18n-fr-translation.json`	9.43 kB	0 B
`./build/livecodes/i18n-hi-language-info.json`	5.93 kB	0 B
`./build/livecodes/i18n-hi-translation.json`	9.96 kB	0 B
`./build/livecodes/i18n-id-language-info.json`	4.87 kB	0 B
`./build/livecodes/i18n-id-translation.json`	8.69 kB	0 B
`./build/livecodes/i18n-it-language-info.json`	5.17 kB	0 B
`./build/livecodes/i18n-it-translation.json`	9.26 kB	0 B
`./build/livecodes/i18n-ja-language-info.json`	5.72 kB	0 B
`./build/livecodes/i18n-ja-translation.json`	9.62 kB	0 B
`./build/livecodes/i18n-nl-language-info.json`	5.07 kB	0 B
`./build/livecodes/i18n-nl-translation.json`	8.91 kB	0 B
`./build/livecodes/i18n-pt-language-info.json`	5.16 kB	0 B
`./build/livecodes/i18n-pt-translation.json`	9.36 kB	0 B
`./build/livecodes/i18n-ru-language-info.json`	5.7 kB	0 B
`./build/livecodes/i18n-ru-translation.json`	10.3 kB	0 B
`./build/livecodes/i18n-tr-language-info.json`	5.3 kB	0 B
`./build/livecodes/i18n-tr-translation.json`	9.25 kB	0 B
`./build/livecodes/i18n-ur-language-info.json`	5.97 kB	0 B
`./build/livecodes/i18n-ur-translation.json`	9.8 kB	0 B
`./build/livecodes/i18n-zh-CN-language-info.json`	5.01 kB	0 B
`./build/livecodes/i18n-zh-CN-translation.json`	8.65 kB	0 B
`./build/livecodes/i18n.js`	20.4 kB	+24 B (+0.12%)
`./build/livecodes/import-src.js`	16.2 kB	0 B
`./build/livecodes/import.js`	14.7 kB	+25 B (+0.17%)
`./build/livecodes/index.js`	5.35 kB	+4 B (+0.07%)
`./build/livecodes/lang-art-template-compiler.js`	1.65 kB	0 B
`./build/livecodes/lang-assemblyscript-compiler.js`	290 B	0 B
`./build/livecodes/lang-assemblyscript-script.js`	386 B	0 B
`./build/livecodes/lang-astro-compiler.js`	2.34 kB	0 B
`./build/livecodes/lang-clio-compiler.js`	1.55 kB	0 B
`./build/livecodes/lang-commonlisp-script.js`	123 B	0 B
`./build/livecodes/lang-cpp-script.js`	1.74 kB	0 B
`./build/livecodes/lang-cpp-wasm-script.js`	2.84 kB	0 B
`./build/livecodes/lang-csharp-wasm-script.js`	2.18 kB	0 B
`./build/livecodes/lang-diagrams-compiler-esm.js`	5.09 kB	0 B
`./build/livecodes/lang-dot-compiler.js`	1.66 kB	0 B
`./build/livecodes/lang-ejs-compiler.js`	1.63 kB	0 B
`./build/livecodes/lang-eta-compiler.js`	1.65 kB	0 B
`./build/livecodes/lang-fennel-compiler.js`	1.61 kB	0 B
`./build/livecodes/lang-gleam-compiler.js`	3.09 kB	0 B
`./build/livecodes/lang-go-wasm-script.js`	3.25 kB	0 B
`./build/livecodes/lang-haml-compiler.js`	1.65 kB	0 B
`./build/livecodes/lang-handlebars-compiler.js`	1.95 kB	0 B
`./build/livecodes/lang-imba-compiler.js`	147 B	0 B
`./build/livecodes/lang-java-script.js`	4.05 kB	0 B
`./build/livecodes/lang-jinja-compiler.js`	1.65 kB	0 B
`./build/livecodes/lang-julia-script.js`	3.31 kB	0 B
`./build/livecodes/lang-liquid-compiler.js`	1.68 kB	0 B
`./build/livecodes/lang-lua-wasm-script.js`	205 B	0 B
`./build/livecodes/lang-malina-compiler.js`	2.96 kB	0 B
`./build/livecodes/lang-minizinc-script.js`	2.06 kB	0 B
`./build/livecodes/lang-mustache-compiler.js`	1.65 kB	0 B
`./build/livecodes/lang-nunjucks-compiler.js`	1.96 kB	0 B
`./build/livecodes/lang-perl-script.js`	268 B	0 B
`./build/livecodes/lang-php-wasm-script.js`	347 B	0 B
`./build/livecodes/lang-postgresql-compiler-esm.js`	1.73 kB	0 B
`./build/livecodes/lang-prolog-script.js`	204 B	0 B
`./build/livecodes/lang-pug-compiler.js`	371 B	0 B
`./build/livecodes/lang-python-wasm-script.js`	1.86 kB	0 B
`./build/livecodes/lang-r-script-esm.js`	2.44 kB	0 B
`./build/livecodes/lang-rescript-compiler-esm.js`	2.16 kB	0 B
`./build/livecodes/lang-rescript-formatter.js`	1.52 kB	0 B
`./build/livecodes/lang-riot-compiler.js`	2.81 kB	0 B
`./build/livecodes/lang-ruby-wasm-script.js`	1.71 kB	0 B
`./build/livecodes/lang-scss-compiler.js`	1.71 kB	0 B
`./build/livecodes/lang-solid-compiler.js`	263 B	0 B
`./build/livecodes/lang-sql-compiler.js`	1.64 kB	0 B
`./build/livecodes/lang-sql-script.js`	1.95 kB	0 B
`./build/livecodes/lang-svelte-compiler.js`	4.69 kB	0 B
`./build/livecodes/lang-tcl-script.js`	1.82 kB	0 B
`./build/livecodes/lang-teal-compiler.js`	1.72 kB	0 B
`./build/livecodes/lang-twig-compiler.js`	1.64 kB	0 B
`./build/livecodes/lang-vento-compiler.js`	1.68 kB	0 B
`./build/livecodes/lang-vue-compiler.js`	6.09 kB	0 B
`./build/livecodes/lang-vue2-compiler.js`	3.48 kB	0 B
`./build/livecodes/lang-wat-compiler.js`	348 B	0 B
`./build/livecodes/lang-wat-script.js`	1.58 kB	0 B
`./build/livecodes/language-info.js`	7.92 kB	-8 B (-0.1%)
`./build/livecodes/monaco-lang-astro.js`	947 B	0 B
`./build/livecodes/monaco-lang-clio.js`	639 B	0 B
`./build/livecodes/monaco-lang-imba.js`	7.35 kB	0 B
`./build/livecodes/monaco-lang-minizinc.js`	1.74 kB	0 B
`./build/livecodes/monaco-lang-prolog.js`	580 B	0 B
`./build/livecodes/monaco-lang-wat.js`	2.46 kB	0 B
`./build/livecodes/monaco.js`	10.2 kB	0 B
`./build/livecodes/open.js`	6.21 kB	-14 B (-0.23%)
`./build/livecodes/processor-lightningcss-compiler.js`	1.88 kB	0 B
`./build/livecodes/processor-postcss-compiler.js`	2.02 kB	0 B
`./build/livecodes/processor-tailwindcss-compiler.js`	5.24 kB	0 B
`./build/livecodes/processor-unocss-compiler.js`	355 B	0 B
`./build/livecodes/processor-windicss-compiler.js`	450 B	0 B
`./build/livecodes/quill.css`	697 B	0 B
`./build/livecodes/quill.js`	5.8 kB	0 B
`./build/livecodes/resources.js`	3.43 kB	0 B
`./build/livecodes/result-utils.js`	1.17 kB	0 B
`./build/livecodes/share.js`	3.81 kB	+2 B (+0.05%)
`./build/livecodes/snippets.js`	6.04 kB	-2 B (-0.03%)
`./build/livecodes/sync-ui.js`	3.25 kB	-9 B (-0.28%)
`./build/livecodes/sync.js`	3.52 kB	0 B
`./build/livecodes/sync.worker.js`	29.7 kB	0 B
`./build/livecodes/templates.js`	26.6 kB	0 B
`./build/sdk/livecodes.js`	3.96 kB	0 B
`./build/sdk/livecodes.umd.js`	4.02 kB	0 B
`./build/sdk/package.json`	291 B	0 B
`./build/sdk/react.js`	4.26 kB	0 B
`./build/sdk/vue.js`	4.35 kB	0 B

_{compressed-size-action}

coderabbitai · 2026-02-08T15:45:36Z

Walkthrough

This PR adds HTML entity encoding functionality and applies it to dynamically generated content. A new encodeHTML utility function is created to escape special characters, and it's used to encode title and description values before they're incorporated into meta tags, preventing potential injection vulnerabilities.

Changes

Cohort / File(s)	Summary
HTML Encoding Utility `functions/utils.ts`	New export function `encodeHTML(html: string)` that escapes HTML special characters (&, <, >, ', ") with their corresponding entities.
Dynamic Content Encoding `functions/index.ts`	Title and description are now passed through `encodeHTML` before use in dynamic meta tag construction; error handler typed as `any`.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix meta tags' is directly related to the main change in the changeset. The pull request modifies how meta tags (specifically title and description) are constructed by adding HTML encoding to prevent XSS vulnerabilities and ensure proper rendering.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch fix-meta-tags

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

functions/index.ts (2)
62-62: request.url is interpolated into an HTML attribute without encoding.

This is pre-existing, but request.url can contain " characters (e.g., in query params), which would break out of the content="..." attribute—the same class of issue this PR fixes for title/description. Consider applying encodeHTML here as well for consistency.
-      .replace(/content="https:\/\/livecodes.io\/"/g, `content="${request.url}"`)
+      .replace(/content="https:\/\/livecodes.io\/"/g, `content="${encodeHTML(request.url)}"`)
80-80: catch (err: any) — acceptable but consider unknown.

Using unknown is the stricter TypeScript idiom (catch (err: unknown)), with a narrowing check before accessing .message. That said, any is pragmatic here and this is a minor style point.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

cloudflare-workers-and-pages · 2026-02-08T15:45:46Z

Deploying livecodes with Cloudflare Pages

Latest commit:	`b347082`
Status:	✅ Deploy successful!
Preview URL:	https://f81ad054.livecodes.pages.dev
Branch Preview URL:	https://fix-meta-tags.livecodes.pages.dev

View logs

fix meta tags

b347082

hatemhosny merged commit 1a4fe1b into develop Feb 8, 2026
20 checks passed

hatemhosny deleted the fix-meta-tags branch February 8, 2026 18:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix meta tags#936

fix meta tags#936
hatemhosny merged 1 commit intodevelopfrom
fix-meta-tags

hatemhosny commented Feb 8, 2026 •

edited by coderabbitai Bot

Loading

Uh oh!

netlify Bot commented Feb 8, 2026 •

edited

Loading

Uh oh!

sonarqubecloud Bot commented Feb 8, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Feb 8, 2026

Uh oh!

coderabbitai Bot commented Feb 8, 2026

Uh oh!

cloudflare-workers-and-pages Bot commented Feb 8, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

hatemhosny commented Feb 8, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

netlify Bot commented Feb 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for livecodes ready!

Uh oh!

sonarqubecloud Bot commented Feb 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Quality Gate passed

Uh oh!

github-actions Bot commented Feb 8, 2026

Uh oh!

coderabbitai Bot commented Feb 8, 2026

Walkthrough

Changes

Estimated code review effort

Uh oh!

cloudflare-workers-and-pages Bot commented Feb 8, 2026

Deploying livecodes with Cloudflare Pages

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

hatemhosny commented Feb 8, 2026 •

edited by coderabbitai Bot

Loading

netlify Bot commented Feb 8, 2026 •

edited

Loading

sonarqubecloud Bot commented Feb 8, 2026 •

edited

Loading