Commit graph

6 commits

Author SHA1 Message Date
Rodolfo Carvalho
e22b3f54c3 tpl: Fix internal templates usage of safeHTMLAttr
The `safeHTMLAttr` function operates on a full attribute definition, not
just within the attribute value.

Docs: https://gohugo.io/functions/safehtmlattr/

For `opengraph.html`, run the whole `content` HTML attribute through
`safeHTMLAttr`. That will preserve `+` signs in formatted dates.

For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an
attribute value, thus having no effect. In this case we could replace it
with `safeURL`, but since the code is coming from an API it is safer to
just let Go's template engine sanitize the value as it already does with
`provider_url`.

Fixes #5236 (no need to change Go upstream)
Related to #5246
2019-05-17 16:00:54 +02:00
Elliot Murphy
526b5b1c49 Fix OpenGraph image fallback to site params
Signed-off-by: Elliot Murphy <statik@users.noreply.github.com>
2019-01-25 18:14:10 +01:00
Ricardo N Feliciano
4f9c109dc5 tpl/opengraph: Use safeHTMLAttr instead of safeHTML for HTML attributes
Fixes #5236
2018-09-22 00:36:15 +02:00
Anthony Fok
c09ee78fd2
tpl: Suppress blank lines from opengraph internal template 2018-08-12 12:27:38 -06:00
Anthony Fok
2b73e89d6d
tpl: Set permission of embedded templates to 0644 2018-07-09 12:57:08 -06:00
Bjørn Erik Pedersen
34ad9a4f17
tpl/tplimpl: Extract internal templates
Having them in separate files should make maintainance easier.

When adding new or making changes to the templates:

```bash
mage generate
```

This will get the Go code in sync.

Fixes #4457
2018-05-04 23:12:10 +02:00