hugo/content/en/functions/safeHTML.md
Bjørn Erik Pedersen b9bd35d72e Squashed 'docs/' content from commit fdea5430f
git-subtree-dir: docs
git-subtree-split: fdea5430f89dfd849d39212abdf5ace0a4763e5a
2019-10-21 10:22:28 +02:00

1.2 KiB

title description godocref date publishdate lastmod categories menu keywords signature workson hugoversion relatedfuncs deprecated
safeHTML Declares a provided string as a "safe" HTML document to avoid escaping by Go templates. https://golang.org/src/html/template/content.go?s=1374:1385#L25 2017-02-01 2017-02-01 2017-02-01
functions
docs
parent
functions
strings
safeHTML INPUT
false

It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.

Given a site-wide config.toml with the following copyright value:

copyright = "© 2015 Jane Doe.  <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>."

{{ .Site.Copyright | safeHTML }} in a template would then output:

© 2015 Jane Doe.  <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.

However, without the safeHTML function, html/template assumes .Site.Copyright to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:

<p>© 2015 Jane Doe.  &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>