hugo/docs/content/en/functions/safeJS.md

1.2 KiB

title description godocref date publishdate lastmod categories menu keywords signature workson hugoversion relatedfuncs deprecated draft aliases
safeJS Declares the provided string as a known safe JavaScript string. https://golang.org/src/html/template/content.go?s=2548:2557#L51 2017-02-01 2017-02-01 2017-02-01
functions
docs
parent
functions
strings
safeJS INPUT
false false

In this context, safe means the string encapsulates a known safe EcmaScript5 Expression (e.g., (x + y * z())).

Template authors are responsible for ensuring that typed expressions do not break the intended precedence and that there is no statement/expression ambiguity as when passing an expression like { foo:bar() }\n['foo'](), which is both a valid expression and a valid program with a very different meaning.

Example: Given hash = "619c16f" defined in the front matter of your .md file:

  • <script>var form_{{ .Params.hash | safeJS }};…</script><script>var form_619c16f;…</script>
  • <script>var form_{{ .Params.hash }};…</script><script>var form_"619c16f";…</script>