From 61270379868a1ae02d12ecbe9dd41f74b8607d2a Mon Sep 17 00:00:00 2001
From: Simon Backx <simon@ghost.org>
Date: Thu, 15 Sep 2022 17:07:10 +0200
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=90=9B=20Fixed=20feature=20image=20ca?=
 =?UTF-8?q?ption=20escaped=20twice=20in=20newsletters=20(#15417)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fixes https://github.com/TryGhost/Team/issues/1909

- The feature image caption is already escaped on the frontend
- Doing it again in the backend breaks the possibility to add links to the caption
- I checked and the `feature_image_alt` is not escaped in the frontend.
---
 ghost/core/core/server/services/mega/template.js                | 2 +-
 .../unit/server/services/mega/post-email-serializer.test.js     | 2 +-
 ghost/core/test/unit/server/services/mega/template.test.js      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ghost/core/core/server/services/mega/template.js b/ghost/core/core/server/services/mega/template.js
index e0c7fb8127..42d6635e26 100644
--- a/ghost/core/core/server/services/mega/template.js
+++ b/ghost/core/core/server/services/mega/template.js
@@ -26,7 +26,7 @@ const sanitizeKeys = (obj, keys) => {
 module.exports = ({post, site, newsletter, templateSettings}) => {
     const date = new Date();
     const hasFeatureImageCaption = templateSettings.showFeatureImage && post.feature_image && post.feature_image_caption;
-    const cleanPost = sanitizeKeys(post, ['url', 'published_at', 'title', 'excerpt', 'authors', 'feature_image', 'feature_image_alt', 'feature_image_caption']);
+    const cleanPost = sanitizeKeys(post, ['url', 'published_at', 'title', 'excerpt', 'authors', 'feature_image', 'feature_image_alt']);
     const cleanSite = sanitizeKeys(site, ['title']);
     const cleanNewsletter = sanitizeKeys(newsletter, ['name']);
 
diff --git a/ghost/core/test/unit/server/services/mega/post-email-serializer.test.js b/ghost/core/test/unit/server/services/mega/post-email-serializer.test.js
index b0cb3c2932..fa0865a7bd 100644
--- a/ghost/core/test/unit/server/services/mega/post-email-serializer.test.js
+++ b/ghost/core/test/unit/server/services/mega/post-email-serializer.test.js
@@ -51,7 +51,7 @@ describe('Post Email Serializer', function () {
                     excerpt: 'This is a blog post test <3</body>',
                     authors: 'This is a blog post test <3</body>',
                     feature_image_alt: 'This is a blog post test <3</body>',
-                    feature_image_caption: 'This is a blog post test <3</body>',
+                    feature_image_caption: 'This is escaped in the frontend',
 
                     // This is a markdown post with all cards that contain <3 in all fields + </body> tags
                     // Note that some fields are already escaped in the frontend
diff --git a/ghost/core/test/unit/server/services/mega/template.test.js b/ghost/core/test/unit/server/services/mega/template.test.js
index 1b20a14bb6..7fccfbab0b 100644
--- a/ghost/core/test/unit/server/services/mega/template.test.js
+++ b/ghost/core/test/unit/server/services/mega/template.test.js
@@ -125,7 +125,7 @@ describe('Mega template', function () {
             html: '<div class="post-content-html">I am &lt;100 years old</div>',
             feature_image: 'https://example.com/image.jpg',
             feature_image_alt: 'I <3 alt text',
-            feature_image_caption: 'I <3 images'
+            feature_image_caption: 'I &lt;3 images' // escaped in frontend
         };
         const site = {
             iconUrl: 'site icon url',

From 7a6375c840bcbf7621d0b4a7ccbe18fada03edbb Mon Sep 17 00:00:00 2001
From: Ghost CI <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 15 Sep 2022 17:13:56 +0100
Subject: [PATCH 2/2] v5.14.2

---
 ghost/admin/package.json | 2 +-
 ghost/core/package.json  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ghost/admin/package.json b/ghost/admin/package.json
index 75d08183a4..2feda872f4 100644
--- a/ghost/admin/package.json
+++ b/ghost/admin/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ghost-admin",
-  "version": "5.14.1",
+  "version": "5.14.2",
   "description": "Ember.js admin client for Ghost",
   "author": "Ghost Foundation",
   "homepage": "http://ghost.org",
diff --git a/ghost/core/package.json b/ghost/core/package.json
index b393be9eef..92165b75b1 100644
--- a/ghost/core/package.json
+++ b/ghost/core/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ghost",
-  "version": "5.14.1",
+  "version": "5.14.2",
   "description": "The professional publishing platform",
   "author": "Ghost Foundation",
   "homepage": "https://ghost.org",