diff --git a/src/lightbox/frontend-image-lightbox.js b/src/lightbox/frontend-image-lightbox.js
index a715d046a7..7a34f255a3 100644
--- a/src/lightbox/frontend-image-lightbox.js
+++ b/src/lightbox/frontend-image-lightbox.js
@@ -93,6 +93,19 @@ const isImageBlock = el => {
 return el && el.classList.contains( 'stk-block-image' )
 }
+function sanitize( string ) {
+ const map = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/',
+ }
+ const reg = /[&<>"'/]/ig
+ return string.replace( reg, match => map[ match ] )
+}
+
 class StackableImageLightbox {
 init = () => {
 this.elements = []
@@ -135,6 +148,10 @@ class StackableImageLightbox {
 title = imageBlock.getAttribute( 'alt' ) || null
 }
+ // Sanitize strings.
+ title = title ? sanitize( title ) : null
+ link = typeof link === 'string' ? sanitize( link ) : link
+
 const isUsingImageBlock = ( ! link || ! href ) && imageBlock
 this.elements.push( {
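Review bot: The `sanitize` helper added in the first hunk (`@@ -93,6 +93,19 @@`) has no comment saying which output context it is safe for, and its generic name invites reuse where entity escaping is the wrong tool. I would add a doc comment such as `// Escapes & < > " ' and / for HTML text or quoted attribute values only; does not validate URLs or make a string safe in script or CSS contexts.` As rendered on this page every map value is identical to its key and the `"'"` entry is not valid JavaScript, which is presumably entity decoding by the page rather than the committed text, so it is worth confirming the file carries the entity forms. The `i` flag on `/[&<>"'/]/ig` has no effect on a class without letters, and `string.replace` throws on a non-string argument, so a `typeof string !== 'string'` guard inside the helper would be safer than relying on each caller.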
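Review bot: Entity-escaping `link` in the second hunk (`@@ -135,6 +148,10 @@`) does not constrain its URL scheme, so if `link` is a URL that later lands in an `href` or `src`, a `javascript:` or `data:` value passes through `sanitize` unchanged. A scheme allow-list is the check that fits here, for example `const { protocol } = new URL( link, window.location.href )` followed by `if ( ! [ 'http:', 'https:' ].includes( protocol ) ) link = null`. `href` is read on the next line but is neither escaped nor validated in this hunk; its assignment lies outside the hunk, so that may be deliberate. Escaping at collection time also assumes the consumer of `this.elements` inserts these strings as HTML; if it uses `textContent` or `setAttribute` instead, the title will show literal entities and the escaped `/` will break the URL. The enclosing method starts and ends outside the hunk.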