Merge commit '9b0050e9aabe4be65c78ccf292a348f309d50ccd' as 'docs'

``` git subtree add --prefix=docs/ https://github.com/gohugoio/hugoDocs.git master --squash ``` Closes #11925
2025-08-20 21:31:32 +02:00 · 2024-01-27 10:48:33 +01:00
parent fc7de7136a 9b0050e9aa
commit 5fd1e74903
1158 changed files with 64103 additions and 0 deletions
--- a/docs/content/en/functions/safe/JSStr.md
+++ b/docs/content/en/functions/safe/JSStr.md
@@ -0,0 +1,55 @@
+---
+title: safe.JSStr
+description: Declares the given string as a safe JavaScript string.
+categories: []
+keywords: []
+action:
+  aliases: [safeJSStr]
+  related:
+    - functions/safe/CSS
+    - functions/safe/HTML
+    - functions/safe/HTMLAttr
+    - functions/safe/JS
+    - functions/safe/URL
+  returnType: template.JSStr
+  signatures: [safe.JSStr INPUT]
+aliases: [/functions/safejsstr]
+---
+
+Encapsulates a sequence of characters meant to be embedded between quotes in a JavaScript expression. Use of this type presents a security risk: the encapsulated content should come from a trusted source, as it will be included verbatim in the template output.
+  
+Without declaring a variable to be a safe JavaScript string:
+
+```go-html-template
+{{ $title := "Lilo & Stitch" }}
+<script>
+  const a = "Title: " + {{ $title }};
+</script>
+```
+
+Rendered:
+
+```html
+<script>
+  const a = "Title: " + "Lilo \u0026 Stitch";
+</script>
+```
+
+To avoid escaping by Go's [html/template] package:
+
+```go-html-template
+{{ $title := "Lilo & Stitch" }}
+<script>
+  const a = "Title: " + {{ $title | safeJSStr }};
+</script>
+```
+
+Rendered:
+
+```html
+<script>
+  const a = "Title: " + "Lilo & Stitch";
+</script>
+```
+
+[html/template]: https://pkg.go.dev/html/template