hugo/docs/content/en/functions/safe/HTML.md
Bjørn Erik Pedersen 5fd1e74903
Merge commit '9b0050e9aabe4be65c78ccf292a348f309d50ccd' as 'docs'
```
git subtree add --prefix=docs/ https://github.com/gohugoio/hugoDocs.git master --squash
```

Closes #11925
2024-01-27 10:48:57 +01:00

39 lines
1.2 KiB
Markdown

---
title: safe.HTML
description: Declares the given string as a safeHTML string.
categories: []
keywords: []
action:
aliases: [safeHTML]
related:
- functions/safe/CSS
- functions/safe/HTMLAttr
- functions/safe/JS
- functions/safe/JSStr
- functions/safe/URL
returnType: template.HTML
signatures: [safe.HTML INPUT]
aliases: [/functions/safehtml]
---
It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.
Given a site-wide [`hugo.toml`][config] with the following `copyright` value:
{{< code-toggle file=hugo >}}
copyright = "© 2015 Jane Doe. <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>."
{{< /code-toggle >}}
`{{ .Site.Copyright | safeHTML }}` in a template would then output:
```html
© 2015 Jane Doe. <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.
```
However, without the `safeHTML` function, html/template assumes `.Site.Copyright` to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:
```html
<p>© 2015 Jane Doe. &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>
```
[config]: /getting-started/configuration/