BLOG-245: Improve blog home page escaping

Author: tmortagne

application-blog-ui/src/main/resources/Blog/BlogCode.xml

@@ -20,7 +20,7 @@
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 -->
 
-<xwikidoc version="1.4" reference="Blog.BlogCode" locale="">
+<xwikidoc version="1.6" reference="Blog.BlogCode" locale="">
   <web>Blog</web>
   <name>BlogCode</name>
   <language/>
@@ -30,9 +30,10 @@
   <creationDate>1373016402000</creationDate>
   <parent>Blog.WebHome</parent>
   <author>xwiki:XWiki.Admin</author>
+  <originalMetadataAuthor>XWiki.Admin</originalMetadataAuthor>
   <contentAuthor>xwiki:XWiki.Admin</contentAuthor>
-  <date>1749827475000</date>
-  <contentUpdateDate>1749827475000</contentUpdateDate>
+  <date>1764057977000</date>
+  <contentUpdateDate>1764057977000</contentUpdateDate>
   <version>1.1</version>
   <title>Macros for the Blog application</title>
   <comment/>
@@ -736,7 +737,8 @@ $!xwiki.jsx.use($blogScriptsDocumentName)##
  * @param entryObj The xobject of the blog post, an instance of the &lt;tt&gt;Blog.BlogPostClass&lt;/tt&gt; xclass.
  *###
 #macro(displayEntryTitle $entryDoc $entryObj)
-  #set($escapedRenderedTitle = $services.rendering.escape($entryDoc.getValue('title'), $xwiki.getCurrentContentSyntaxId()))
+  ## This is executed in the context of a global HTML macro, so we need to escape html too
+  #set($escapedRenderedTitle = $escapetool.html($services.rendering.escape($entryDoc.getValue('title'), $xwiki.getCurrentContentSyntaxId())))
   #if($doc.fullName == $entryDoc.fullName)
     (% class="entry-title" %)
     = $escapedRenderedTitle =