diff options
Diffstat (limited to 'docs/content/en/functions/safeHTMLAttr.md')
-rw-r--r-- | docs/content/en/functions/safeHTMLAttr.md | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/docs/content/en/functions/safeHTMLAttr.md b/docs/content/en/functions/safeHTMLAttr.md index 19de2e985..7e730412a 100644 --- a/docs/content/en/functions/safeHTMLAttr.md +++ b/docs/content/en/functions/safeHTMLAttr.md @@ -1,30 +1,46 @@ --- title: safeHTMLAttr -# linktitle: safeHTMLAttr description: Declares the provided string as a safe HTML attribute. -date: 2017-02-01 -publishdate: 2017-02-01 -lastmod: 2017-02-01 categories: [functions] menu: docs: - parent: "functions" + parent: functions keywords: [strings] signature: ["safeHTMLAttr INPUT"] -workson: [] -hugoversion: relatedfuncs: [] -deprecated: false aliases: [] --- -Example: Given a site-wide `config.toml` that contains this menu entry: +Given a site configuration that contains this menu entry: {{< code-toggle file="config" >}} [[menu.main]] - name = "IRC: #golang at freenode" - url = "irc://irc.freenode.net/#golang" + name = "IRC" + url = "irc://irc.freenode.net/#golang" {{< /code-toggle >}} -* <span class="bad">`<a href="{{ .URL }}">` → `<a href="#ZgotmplZ">`</span> -* <span class="good">`<a {{ printf "href=%q" .URL | safeHTMLAttr }}>` → `<a href="irc://irc.freenode.net/#golang">`</span> +Attempting to use the `url` value directly in an attribute: + +```go-html-template +{{ range site.Menus.main }} + <a href="{{ .URL }}">{{ .Name }}</a> +{{ end }} +``` + +Will produce: + +```html +<a href="#ZgotmplZ">IRC</a> +``` + +`ZgotmplZ` is a special value, inserted by Go's [template/html] package, that indicates that unsafe content reached a CSS or URL context. + +To override the safety check, use the `safeHTMLAttr` function: + +```go-html-template +{{ range site.Menus.main }} + <a {{ printf "href=%q" .URL | safeHTMLAttr }}>{{ .Name }}</a> +{{ end }} +``` + +[template/html]: https://pkg.go.dev/html/template |