From d7c0c3f993192fdf5d12b07f848d19d509d71b44 Mon Sep 17 00:00:00 2001
From: "Gabriel B. Nunes" <gabriel@kronopath.net>
Date: Mon, 13 Nov 2023 21:43:46 -0800
Subject: [PATCH] Escape any stray CDATA end tokens that may be in the post
 contents

Normally you wouldn't have any CDATA end tokens ]]> in post content, because > gets converted to &gt;. However, in certain circumstances, like HTML comments, one can slip through unescaped.

The only real way to escape CDATA end tokens is to split them up. I.e. instead of having a single string ]]>, we instead have ]](end CDATA)(start another CDATA)>. The two adjacent CDATAs will then be concatenated. That looks like this very messy string: ]]]]><![CDATA[>
---
 lib/jekyll-feed/feed.xml                            | 6 ++++--
 spec/fixtures/_posts/2014-03-04-march-the-fourth.md | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/jekyll-feed/feed.xml b/lib/jekyll-feed/feed.xml
index 9068836f..79b7a566 100644
--- a/lib/jekyll-feed/feed.xml
+++ b/lib/jekyll-feed/feed.xml
@@ -52,6 +52,8 @@
   {% endunless %}
   {% assign posts = posts | sort: "date" | reverse %}
   {% assign posts_limit = site.feed.posts_limit | default: 10 %}
+  {% assign cdata_end_token = "]]>" %}
+  {% assign cdata_end_token_escaped = "]]]]><![CDATA[>" %}
   {% for post in posts limit: posts_limit %}
     <entry{% if post.lang %}{{" "}}xml:lang="{{ post.lang }}"{% endif %}>
       {% assign post_title = post.title | smartify | strip_html | normalize_whitespace | xml_escape %}
@@ -63,7 +65,7 @@
       <id>{{ post.id | absolute_url | xml_escape }}</id>
       {% assign excerpt_only = post.feed.excerpt_only | default: site.feed.excerpt_only %}
       {% unless excerpt_only %}
-        <content type="html" xml:base="{{ post.url | absolute_url | xml_escape }}"><![CDATA[{{ post.content | strip }}]]></content>
+        <content type="html" xml:base="{{ post.url | absolute_url | xml_escape }}"><![CDATA[{{ post.content | strip | replace: cdata_end_token, cdata_end_token_escaped }}]]></content>
       {% endunless %}
 
       {% assign post_author = post.author | default: post.authors[0] | default: site.author %}
@@ -96,7 +98,7 @@
 
       {% assign post_summary = post.description | default: post.excerpt %}
       {% if post_summary and post_summary != empty %}
-        <summary type="html"><![CDATA[{{ post_summary | strip_html | normalize_whitespace }}]]></summary>
+        <summary type="html"><![CDATA[{{ post_summary | strip_html | normalize_whitespace | replace: cdata_end_token, cdata_end_token_escaped }}]]></summary>
       {% endif %}
 
       {% assign post_image = post.image.path | default: post.image %}
diff --git a/spec/fixtures/_posts/2014-03-04-march-the-fourth.md b/spec/fixtures/_posts/2014-03-04-march-the-fourth.md
index b649b729..41d425f2 100644
--- a/spec/fixtures/_posts/2014-03-04-march-the-fourth.md
+++ b/spec/fixtures/_posts/2014-03-04-march-the-fourth.md
@@ -8,4 +8,4 @@ image:
 categories: updates jekyll
 ---
 
-March the fourth!
+<!-- ]]> -->March the fourth!