hugo/docs/content/en/functions/safe/HTML.md
2023-10-20 09:43:56 +02:00

1.3 KiB

title linkTitle description categories keywords menu function relatedFunctions aliases
safe.HTML safeHTML Declares a provided string as a "safe" HTML document to avoid escaping by Go templates.
functions
docs
parent
functions
aliases returnType signatures
safeHTML
template.HTML
safe.HTML INPUT
safe.CSS
safe.HTML
safe.HTMLAttr
safe.JS
safe.JSStr
safe.URL
/functions/safehtml

It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.

Given a site-wide hugo.toml with the following copyright value:

{{< code-toggle file="hugo" >}} copyright = "© 2015 Jane Doe. <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved." {{< /code-toggle >}}

{{ .Site.Copyright | safeHTML }} in a template would then output:

© 2015 Jane Doe.  <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.

However, without the safeHTML function, html/template assumes .Site.Copyright to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:

<p>© 2015 Jane Doe.  &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>