github/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2024-11-14 20:37:55 -05:00
Code Issues Projects Releases Packages Wiki Activity
hugo/content/en/functions/safeHTML.md
Bjørn Erik Pedersen d3927310d5 Squashed 'docs/' changes from 39af43ef1..1798dc0d5 
1798dc0d5 Update theme
403fa716e Update CLI documentation (#2092)
aade5a09e Correct media subtype example
53cd9dea6 netlify: Hugo 0.112.3
b78b86cb1 Add source/target warning to resources.Copy (#2091)
50c299729 netlify: Hugo 0.112.2
73197046f Change config.xxx to hugo.xxx throughout the documentation (#2090)
d489d4c6f Add hugo.WorkingDir to docs (#2089)
7487df809 Fix typos (#2088)
6d0572cd6 netlify: Hugo 0.112.1
6838600b2 netlify: Hugo 0.112.0
513e7a80f Merge branch 'tempv0.112.0'
91eb44275 Some more about 0.112.0
bd3b33a27 docs: Regen docshelper
fb3027daf docs: Regen CLI docs
8e7b8e987 Merge commit 'f96384a3b596f9bc0a3a035970b09b2c601f0ccb'
a942ceef4 tpl/tplimpl: Add img loading attribute to figure shortcode  (#10927)
0e0c7b25e tpl/urls: Return empty string when JoinPath has zero args
310ce949a tpl/urls: Add JoinPath template function
ae435ca77 tpl: Add math.Abs
f340139f8 Revert "Update syntax-highlighting.md (#10929)" (#10930)
917a0e24d Update syntax-highlighting.md (#10929)

git-subtree-dir: docs
git-subtree-split: 1798dc0d54ce048dd975863b490cd809ef14268a
2023-05-27 16:59:59 +02:00

1.1 KiB
Raw Blame History

title description categories menu keywords signature relatedfuncs
safeHTML Declares a provided string as a "safe" HTML document to avoid escaping by Go templates.
functions
docs
parent
functions
strings
safeHTML INPUT

It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.

Given a site-wide hugo.toml with the following copyright value:

{{< code-toggle file="hugo" >}} copyright = "© 2015 Jane Doe. <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved." {{< /code-toggle >}}

{{ .Site.Copyright | safeHTML }} in a template would then output:

© 2015 Jane Doe.  <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.

However, without the safeHTML function, html/template assumes .Site.Copyright to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:

<p>© 2015 Jane Doe.  &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>