hugo/content/en/functions/safe/HTML.md
Bjørn Erik Pedersen 9b0050e9aa Squashed 'docs/' content from commit 5c085a37b
git-subtree-dir: docs
git-subtree-split: 5c085a37b297bf12f59efeaae591418ec025c10d
2024-01-27 10:48:33 +01:00

1.2 KiB

title description categories keywords action aliases
safe.HTML Declares the given string as a safeHTML string.
aliases related returnType signatures
safeHTML
functions/safe/CSS
functions/safe/HTMLAttr
functions/safe/JS
functions/safe/JSStr
functions/safe/URL
template.HTML
safe.HTML INPUT
/functions/safehtml

It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.

Given a site-wide hugo.toml with the following copyright value:

{{< code-toggle file=hugo >}} copyright = "© 2015 Jane Doe. <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved." {{< /code-toggle >}}

{{ .Site.Copyright | safeHTML }} in a template would then output:

© 2015 Jane Doe.  <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.

However, without the safeHTML function, html/template assumes .Site.Copyright to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:

<p>© 2015 Jane Doe.  &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>