content-parser: encode HTML entities in DESCRIPTION variable

3 files changed, 8 insertions, 4 deletions

diff --git a/man/blogc-source.7.ronn b/man/blogc-source.7.ronn
index 9b80eb2..9a0c94c 100644
--- a/man/blogc-source.7.ronn
+++ b/man/blogc-source.7.ronn
@@ -52,9 +52,10 @@ explicit definition in source file.
 
 Another variable, `DESCRIPTION`, will be automatically created by the source
 parser. It contains the unparsed content of the first paragraph found in the
-source file. Paragraphs inside blockquotes are ignored. This variable can be
-overriden by an explicit definition in source file. This is useful to add
-"description" meta-tags to HTML templates.
+source file. The content is not parsed but HTML entities are encoded. Paragraphs
+inside blockquotes are ignored. This variable can be overriden by an explicit
+definition in source file, that must have the HTML entities escaped manually.
+This is useful to add "description" meta-tags to HTML templates.
 
 ## SOURCE CONTENT - BLOCK ELEMENTS
 
diff --git a/src/content-parser.c b/src/content-parser.c
index 3cb0ddb..2062814 100644
--- a/src/content-parser.c
+++ b/src/content-parser.c
@@ -110,7 +110,7 @@ blogc_fix_description(const char *paragraph)
             break;
         current++;
     }
-    tmp = sb_strdup(sb_str_strip(rv->str));
+    tmp = blogc_htmlentities(sb_str_strip(rv->str));
     sb_string_free(rv, true);
     return tmp;
 }
diff --git a/tests/check_content_parser.c b/tests/check_content_parser.c
index ab6853a..783d3f3 100644
--- a/tests/check_content_parser.c
+++ b/tests/check_content_parser.c
@@ -100,6 +100,9 @@ test_fix_description(void **state)
     s = blogc_fix_description("  bola\r\n   guda   lol\r\n asd\r\n");
     assert_string_equal(s, "bola guda   lol asd");
     free(s);
+    s = blogc_fix_description("b'o\"l<>a");
+    assert_string_equal(s, "b&#x27;o&quot;l&lt;&gt;a");
+    free(s);
 }