1
0
mirror of https://github.com/gohugoio/hugo.git synced 2024-05-11 05:54:58 +00:00
Files
gohugoio-hugo/docs/content/en/functions/safeHTML.md
2019-10-21 10:22:28 +02:00

1.2 KiB

title, description, godocref, date, publishdate, lastmod, categories, menu, keywords, signature, workson, hugoversion, relatedfuncs, deprecated
title description godocref date publishdate lastmod categories menu keywords signature workson hugoversion relatedfuncs deprecated
safeHTML Declares a provided string as a "safe" HTML document to avoid escaping by Go templates. https://golang.org/src/html/template/content.go?s=1374:1385#L25 2017-02-01 2017-02-01 2017-02-01
functions
docs
parent
functions
strings
safeHTML INPUT
false

It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.

Given a site-wide config.toml with the following copyright value:

copyright = "© 2015 Jane Doe.  <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>."

{{ .Site.Copyright | safeHTML }} in a template would then output:

© 2015 Jane Doe.  <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.

However, without the safeHTML function, html/template assumes .Site.Copyright to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:

<p>© 2015 Jane Doe.  &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>