• I use All In One Event Calendar.
    The features available with Customizr make it ideal for this plugin.
    Love the theme!

    Ran across this issue today:
    Comments on Events added by AI1EC showed html in the title of the Event. An example is at: https://eventscentral.co/blog/event/thmcec-22nd-annual-border-poker-run/?instance_id=3680

    A friend gave me the info below. I commented out the line in html.php in AI1EC and the issue is fixed on another site.

    Is there any way to “fix” this in functions.php in my child theme or to address this in Customizr?

    Info provided:

    HTML in the title.
    If the theme uses the function the_title() change it to the_title_attribute().
    If it uses get_the_title(), then you pretty much need to change ai1ec or get the theme authors to fix it.

    To change ai1ec, edit …../all-in-one-event-calendar/lib/http/response/render/strategy/html.php and comment out a line.

    The line to comment out is line 99:
    $title = '<span class="summary">' . $title . '</span>';

    BTW: This would be broken if you weren’t using Ai1ec but were using the WP-Typography plugin, as it does similar things with HTML in the title.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The theme uses get_the_title(), so no luck for you there.

    However, nikeo puts a catch-all filter at the end of the header code, so you could use this filter and apply a preg_replace() on the html, to render what you want. The filter is set up on line 260 of class-content-headings.php:
    echo apply_filters( 'tc_content_headings' , $html, $filter_args );.

    I cannot give you suggested code for your situation, because it’s impossible to know what code your combination of plugins is churning out in the title (using regex expressions is difficult enough on html—you have to know exactly what the input for the regex is going to look like before you can start modifying the output—but if you don’t know what’s going on behind the scenes, it’s impossible).

    The plugin is messing up your html badly, though. Indeed, if you look at the page without the visible errors, the page has a lot of errors behind the scenes (page without visible errors here; page with visible errors here).

    Bottom line: it can be done, using the filter I give above, but it’s going to be a messy job to get the regex right, especially as the plugin’s messing up your html.

    For my own site, I would do it, but if I were less skilled and I were the only person updating the plugins, then I’d simply comment out the line that your friend suggested each time the plugin is updated. Not ideal, but pragmatic.

    Thread Starter billrodgers2013

    (@billrodgers2013)

    Thanks for the info.
    Much appreciated.
    Will pass this on to the plugin developers.

    Thread Starter billrodgers2013

    (@billrodgers2013)

    This is the feedback I just received on this:

    Based on the validator output, the big issues I see are:
    1. The comments section is inserting HTML tags in the title attribute of the post: This breaks all subsequent tags till it gets back around to the end of the div.

    <h1 class="entry-title format-icon">
    <span class="summary">THMCEC 22nd Annual Border Poker Run</span>
    <span class="comments-link">
    <a href="#tc-comment-title" title="Comment(s) on <span class="summary">THMCEC 22nd Annual Border Poker Run</span>">
    <span class="fs1 icon-bubble" >
    </span>
    <span class="inner">
    1
    </span>
    </a>
    </span>
    </h1>

    I’ve broken up the tags to show the issue. The highlighted section is the title (including HTML) that the plugin brings to the table. If you’re creating a valid HTML tag, you need to make sure that any attribute fields DO NOT contain HTML tags, as it’s just not allowed. It’s pretty simple: Remove any and all tags (or at least encode them so they’re escaped) when using them as a value in an HTML attribute field.
    Basically, from that point on, the validator gets quite confused and throws a lot of errors that aren’t really errors.

    There’s probably a few places in Customizr where usage of get_the_title in HTML attributes isn’t escaped. It’s escaped in most places, but not in all (as I found).

    The one that affects Bill is in customizr/inc/parts/class-content-heading.php on line 249.

    The line is:

    get_the_title(),

    Changing it to:

    esc_attr( get_the_title() ),

    …solves the issue.

    To clear out HTML, you could also use (untested):

    esc_attr( strip_tags( get_the_title() ) ),

    Note: There are probably other occurrences of this sort of thing elsewhere, and it’s probably worthwhile looking through them to catch any others.

    BTW: Possible simple way to break any site that doesn’t escape titles being used as HTML attributes is to try them with the title:

    Why are " in titles so bad?

    This will most likely break the HTML attribute by closing it early.

    Note: Yes, the title attribute will show escaped HTML in the hover, but it doesn’t break.

    PS: Plugins like WP-Typography also use HTML tags in titles, so fixing this would also resolve a conflict with that plugin.
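
The escaping change described in the last reply, as an added example that is not part of the thread and is not Customizr or AI1EC code. It runs as plain PHP without WordPress: `attr_escape()` is a stand-in for `esc_attr()`, the other function names are hypothetical, and the markup is a cut-down version of the comments link quoted above.

```php
<?php
// Added example; not Customizr or AI1EC code. Plain PHP, no WordPress needed.
// attr_escape() is a stand-in for esc_attr(); all function names are hypothetical.

function attr_escape(string $value): string {
    // Encode &, <, > and both quote characters.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Before: the filtered title goes into the attribute as-is.
function link_unescaped(string $title): string {
    return '<a href="#tc-comment-title" title="Comment(s) on ' . $title . '">1</a>';
}

// After: escape at output; optionally strip tags first.
function link_escaped(string $title, bool $strip = false): string {
    $text = $strip ? strip_tags($title) : $title;
    return '<a href="#tc-comment-title" title="Comment(s) on '
        . attr_escape($text) . '">1</a>';
}

// A double-quoted attribute value ends at the first literal ", so read the
// value up to that point and decode entities to get the text a parser sees.
function title_as_parsed(string $html): string {
    preg_match('/title="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed sample titles: the AI1EC-wrapped one and the thread's test title.
$titles = [
    '<span class="summary">THMCEC 22nd Annual Border Poker Run</span>',
    'Why are " in titles so bad?',
];

foreach ($titles as $title) {
    $variants = [
        'unescaped'        => link_unescaped($title),
        'escaped'          => link_escaped($title),
        'stripped+escaped' => link_escaped($title, true),
    ];
    echo "Title returned to the theme: $title\n";
    foreach ($variants as $name => $html) {
        $seen   = title_as_parsed($html);
        $intact = $seen === 'Comment(s) on ' . $title
               || $seen === 'Comment(s) on ' . strip_tags($title);
        printf("  %-17s %-9s title=\"%s\"\n", $name, $intact ? 'intact' : 'TRUNCATED', $seen);
    }
}
```

Both unescaped variants report a truncated attribute, because the first `"` inside the title closes it early; the escaped variants keep the whole value, with or without the tags.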

  • The topic ‘html in title with comments on custom post’ is closed to new replies.