mirror of
https://github.com/gohugoio/hugo.git
synced 2024-11-29 08:32:05 -05:00
40 lines
1.2 KiB
Markdown
40 lines
1.2 KiB
Markdown
|
---
|
||
|
title: safe.HTML
|
||
|
description: Declares the given string as a safeHTML string.
|
||
|
categories: []
|
||
|
keywords: []
|
||
|
action:
|
||
|
aliases: [safeHTML]
|
||
|
related:
|
||
|
- functions/safe/CSS
|
||
|
- functions/safe/HTMLAttr
|
||
|
- functions/safe/JS
|
||
|
- functions/safe/JSStr
|
||
|
- functions/safe/URL
|
||
|
returnType: template.HTML
|
||
|
signatures: [safe.HTML INPUT]
|
||
|
aliases: [/functions/safehtml]
|
||
|
---
|
||
|
|
||
|
It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.
|
||
|
|
||
|
Given a site-wide [`hugo.toml`][config] with the following `copyright` value:
|
||
|
|
||
|
{{< code-toggle file=hugo >}}
|
||
|
copyright = "© 2015 Jane Doe. <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>."
|
||
|
{{< /code-toggle >}}
|
||
|
|
||
|
`{{ .Site.Copyright | safeHTML }}` in a template would then output:
|
||
|
|
||
|
```html
|
||
|
© 2015 Jane Doe. <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.
|
||
|
```
|
||
|
|
||
|
However, without the `safeHTML` function, html/template assumes `.Site.Copyright` to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:
|
||
|
|
||
|
```html
|
||
|
<p>© 2015 Jane Doe. <a href="https://creativecommons.org/licenses by/4.0/">Some rights reserved</a>.</p>
|
||
|
```
|
||
|
|
||
|
[config]: /getting-started/configuration/
|