hugo/docs/content/en/functions/safe/HTMLAttr.md at e2dd4cd05fa96a08d49b3b198edf0ccf9a94970e

phoenix/hugo

Fork 0

mirror of https://github.com/gohugoio/hugo.git synced 2024-07-16 13:49:03 +00:00

Bjørn Erik Pedersen e2dd4cd05f

Merge commit 'e509cac533600cf4fa8382c9cdab78ddd82db688'

2023-10-20 09:43:56 +02:00

1.4 KiB

Raw Blame History

title

linkTitle

description

categories

keywords

function

relatedFunctions

aliases

safe.HTMLAttr

safeHTMLAttr

Declares the provided string as a safe HTML attribute.

functions

docs

parent
functions

aliases

returnType

signatures

safeHTMLAttr

template.HTMLAttr

safe.HTMLAttr INPUT

safe.CSS

safe.HTML

safe.HTMLAttr

safe.JS

safe.JSStr

safe.URL

/functions/safehtmlattr

Given a site configuration that contains this menu entry:

{{< code-toggle file="hugo" >}} menu.main name = "IRC" url = "irc://irc.freenode.net/#golang" {{< /code-toggle >}}

Attempting to use the url value directly in an attribute:

{{ range site.Menus.main }}
  <a href="{{ .URL }}">{{ .Name }}</a>
{{ end }}

Will produce:

<a href="#ZgotmplZ">IRC</a>

ZgotmplZ is a special value, inserted by Go's template/html package, that indicates that unsafe content reached a CSS or URL context.

To indicate that the HTML attribute is safe:

{{ range site.Menus.main }}
  <a {{ printf "href=%q" .URL | safeHTMLAttr }}>{{ .Name }}</a>
{{ end }}

{{% note %}} As demonstrated above, you must pass the HTML attribute name and value through the function. Applying safeHTMLAttr to the attribute value has no effect. {{% /note %}}

1.4 KiB Raw Blame History

1.4 KiB

Raw Blame History