From 4bdca82894cc921af5dc031f62dcc8a1bf2f7e5a Mon Sep 17 00:00:00 2001
From: Saivann <saivann@gmail.com>
Date: Wed, 19 Feb 2014 21:43:05 -0500
Subject: [PATCH] Escape special HTML characters on the events page

---
 _events/2014-09-15-insidebitcoinslondon2014 |  2 +-
 _plugins/htmlescape.rb                      | 16 ++++++++++++++++
 _templates/events.html                      |  4 ++--
 3 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 _plugins/htmlescape.rb

diff --git a/_events/2014-09-15-insidebitcoinslondon2014 b/_events/2014-09-15-insidebitcoinslondon2014
index a099172f..826cbb4d 100644
--- a/_events/2014-09-15-insidebitcoinslondon2014
+++ b/_events/2014-09-15-insidebitcoinslondon2014
@@ -1,6 +1,6 @@
 ---
 title: "Inside Bitcoins London"
-venue: "The Grange"
+venue: "Grange St Paul's Hotel"
 address: "10 Godliman St"
 city: "London"
 country: "England"
diff --git a/_plugins/htmlescape.rb b/_plugins/htmlescape.rb
new file mode 100644
index 00000000..ffea5389
--- /dev/null
+++ b/_plugins/htmlescape.rb
@@ -0,0 +1,16 @@
+#htmlescape espaces special html characters. This is a replacement for
+#CGI::escapeHTML, which has an inconsistent behavior with single quotes
+#on different ruby versions ( 1.9 and 2.0 ).
+
+#Example:
+# {{ page.title | htmlescape }}
+
+module Entities
+
+  def htmlescape(input)
+    input.gsub(/['&\"<>]/, { "'" => '&apos;', '&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;' })
+  end
+
+  Liquid::Template.register_filter self
+
+end
diff --git a/_templates/events.html b/_templates/events.html
index bec18b1c..b6b0c40e 100644
--- a/_templates/events.html
+++ b/_templates/events.html
@@ -23,7 +23,7 @@ L.tileLayer('http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png', {
 
 var markers = new L.MarkerClusterGroup({showCoverageOnHover: false, maxClusterRadius: 20});
 {% filter_for p in site.pages sort_by:date category:event %}{% if p.geoloc != 'false' %}
-L.marker([{{ p.geoloc }}]).bindPopup('<b><a href="{{ p.link }}">{{ p.title }}</a></b><br>{{ p.date }}<br>{{ p.venue }}<br>{{ p.address }}<br>{{ p.city }}, {{ p.country }}').addTo(markers);
+L.marker([{{ p.geoloc }}]).bindPopup('<b><a href="{{ p.link | htmlescape }}">{{ p.title | htmlescape }}</a></b><br>{{ p.date }}<br>{{ p.venue | htmlescape }}<br>{{ p.address | htmlescape }}<br>{{ p.city | htmlescape }}, {{ p.country | htmlescape }}').addTo(markers);
 {% endif %}{% endfilter_for %}
 map.addLayer(markers);
 </script>
@@ -31,7 +31,7 @@ map.addLayer(markers);
 <ul>
 {% filter_for p in site.pages sort_by:date category:event %}
   <li>
-    {{ p.date | date:"%Y-%m-%d" }} - <a href="{{ p.link }}">{{ p.title }}</a> - {{ p.city }}, {{ p.country }}
+    {{ p.date | date:"%Y-%m-%d" }} - <a href="{{ p.link | htmlescape }}">{{ p.title | htmlescape }}</a> - {{ p.city | htmlescape }}, {{ p.country | htmlescape }}
   </li>
 {% endfilter_for %}
 </ul>