mirror of
https://github.com/gohugoio/hugo.git
synced 2025-01-02 16:42:39 +00:00
e22b3f54c3
The `safeHTMLAttr` function operates on a full attribute definition, not just within the attribute value. Docs: https://gohugo.io/functions/safehtmlattr/ For `opengraph.html`, run the whole `content` HTML attribute through `safeHTMLAttr`. That will preserve `+` signs in formatted dates. For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an attribute value, thus having no effect. In this case we could replace it with `safeURL`, but since the code is coming from an API it is safer to just let Go's template engine sanitize the value as it already does with `provider_url`. Fixes #5236 (no need to change Go upstream) Related to #5246
18 lines
816 B
HTML
18 lines
816 B
HTML
{{ $id := .Get "id" | default (.Get 0) }}
|
|
{{- $item := getJSON "https://vimeo.com/api/oembed.json?url=https://vimeo.com/" $id -}}
|
|
{{ $class := .Get "class" | default (.Get 1) }}
|
|
{{ $hasClass := $class }}
|
|
{{ $class := $class | default "__h_video" }}
|
|
{{ if not $hasClass }}
|
|
{{/* If class is set, assume the user wants to provide his own styles. */}}
|
|
{{ template "__h_simple_css" $ }}
|
|
{{ end }}
|
|
{{ $secondClass := "s_video_simple" }}
|
|
<div class="{{ $secondClass }} {{ $class }}">
|
|
{{- with $item }}
|
|
<a href="{{ .provider_url }}{{ .video_id }}" target="_blank">
|
|
{{ $thumb := .thumbnail_url }}
|
|
{{ $original := $thumb | replaceRE "(_.*\\.)" "." }}
|
|
<img src="{{ $thumb }}" srcset="{{ $thumb }} 1x, {{ $original }} 2x" alt="{{ .title }}">
|
|
<div class="play">{{ template "__h_simple_icon_play" $ }}</div></a></div>
|
|
{{- end -}}
|