Merge commit '336622d5e7afd9334cd2de7150d4f16bdf7c24f9'

This commit is contained in:
Bjørn Erik Pedersen 2023-03-01 11:56:07 +01:00
commit 97b010f521
No known key found for this signature in database
GPG key ID: 330E6E2BD4859D8F
4 changed files with 13 additions and 6 deletions

View file

@ -57,7 +57,7 @@ For HTML output, this is the core security model:
In short:
Templates authors (you) are trusted, but the data you send in is not.
Template and configuration authors (you) are trusted, but the data you send in is not.
This is why you sometimes need to use the _safe_ functions, such as `safeHTML`, to avoid escaping of data you know is safe.
There is one exception to the above, as noted in the documentation: If you enable inline shortcodes, you also say that the shortcodes and data handling in content files are trusted, as those macros are treated as pure text.
It may be worth adding that Hugo is a static site generator with no concept of dynamic user input.

View file

@ -34,7 +34,13 @@ You must also be comfortable working from the command line.
### Commands
{{% note %}}
If you are a Windows user, you must run these commands with [PowerShell]. You cannot use Windows Powershell, which is a different application, or the Command Prompt. You may also use a Linux shell if available.
**If you are a Windows user:**
- Do not use the Command Prompt
- Do not use Windows PowerShell
- Run these commands from [PowerShell] or a Linux terminal such as WSL or Git Bash
PowerShell and Windows PowerShell are different applications.
[PowerShell]: https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows
{{% /note %}}

View file

@ -1,4 +1,4 @@
<div class="mermaid">
<pre class="mermaid">
{{- .Inner | safeHTML }}
</div>
</pre>
{{ .Page.Store.Set "hasMermaid" true }}

View file

@ -1,6 +1,7 @@
{{ if .Page.Store.Get "hasMermaid" }}
<script src="https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js"></script>
<script>
<script type="module" async>
import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@9/+esm';
mermaid.initialize({ startOnLoad: true });
</script>
{{ end }}