github/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2024-11-14 20:37:55 -05:00
Code Issues Projects Releases Packages Wiki Activity
hugo/docs/content/en/functions/safe/HTMLAttr.md
Bjørn Erik Pedersen 5fd1e74903
Merge commit '9b0050e9aabe4be65c78ccf292a348f309d50ccd' as 'docs' 
```
git subtree add --prefix=docs/ https://github.com/gohugoio/hugoDocs.git master --squash
```

Closes #11925
2024-01-27 10:48:57 +01:00

55 lines
1.3 KiB
Markdown
Raw Blame History

---
title: safe.HTMLAttr
description: Declares the given key/value pair as a safe HTML attribute.
categories: []
keywords: []
action:
aliases: [safeHTMLAttr]
related:
- functions/safe/CSS
- functions/safe/HTML
- functions/safe/JS
- functions/safe/JSStr
- functions/safe/URL
returnType: template.HTMLAttr
signatures: [safe.HTMLAttr INPUT]
aliases: [/functions/safehtmlattr]
---
Given a site configuration that contains this menu entry:
{{< code-toggle file=hugo >}}
[[menus.main]]
name = "IRC"
url = "irc://irc.freenode.net/#golang"
{{< /code-toggle >}}
Attempting to use the `url` value directly in an attribute:
```go-html-template
{{ range site.Menus.main }}
<a href="{{ .URL }}">{{ .Name }}</a>
{{ end }}
```
Will produce:
```html
<a href="#ZgotmplZ">IRC</a>
```
`ZgotmplZ` is a special value, inserted by Go's [template/html] package, that indicates that unsafe content reached a CSS or URL context.
To indicate that the HTML attribute is safe:
```go-html-template
{{ range site.Menus.main }}
<a {{ printf "href=%q" .URL | safeHTMLAttr }}>{{ .Name }}</a>
{{ end }}
```
{{% note %}}
As demonstrated above, you must pass the HTML attribute name _and_ value through the function. Applying `safeHTMLAttr` to the attribute value has no effect.
{{% /note %}}
[template/html]: https://pkg.go.dev/html/template
Reference in a new issue View git blame Copy permalink