mirror of
https://github.com/gohugoio/hugo.git
synced 2025-08-21 21:35:28 +02:00
Merge commit '35dec7c96f7ee3eb17dd444f7067f0c776fb56ae'
This commit is contained in:
Bjørn Erik Pedersen
@@ -1,23 +1,18 @@
|
||||
---
|
||||
title: safe.CSS
|
||||
linkTitle: safeCSS
|
||||
description: Declares the provided string as a known "safe" CSS string.
|
||||
categories: [functions]
|
||||
description: Declares the given string as safe CSS string.
|
||||
categories: []
|
||||
keywords: []
|
||||
menu:
|
||||
docs:
|
||||
parent: functions
|
||||
function:
|
||||
action:
|
||||
aliases: [safeCSS]
|
||||
related:
|
||||
- functions/safe/HTML
|
||||
- functions/safe/HTMLAttr
|
||||
- functions/safe/JS
|
||||
- functions/safe/JSStr
|
||||
- functions/safe/URL
|
||||
returnType: template.CSS
|
||||
signatures: [safe.CSS INPUT]
|
||||
relatedFunctions:
|
||||
- safe.CSS
|
||||
- safe.HTML
|
||||
- safe.HTMLAttr
|
||||
- safe.JS
|
||||
- safe.JSStr
|
||||
- safe.URL
|
||||
aliases: [/functions/safecss]
|
||||
---
|
||||
|
||||
@@ -30,9 +25,9 @@ In this context, *safe* means CSS content that matches any of the following:
|
||||
|
||||
Example: Given `style = "color: red;"` defined in the front matter of your `.md` file:
|
||||
|
||||
* <span class="good">`<p style="{{ .Params.style | safeCSS }}">…</p>` → `<p style="color: red;">…</p>`</span>
|
||||
* <span class="bad">`<p style="{{ .Params.style }}">…</p>` → `<p style="ZgotmplZ">…</p>`</span>
|
||||
* `<p style="{{ .Params.style | safeCSS }}">…</p>` → `<p style="color: red;">…</p>`
|
||||
* `<p style="{{ .Params.style }}">…</p>` → `<p style="ZgotmplZ">…</p>`
|
||||
|
||||
{{% note %}}
|
||||
"ZgotmplZ" is a special value that indicates that unsafe content reached a CSS or URL context.
|
||||
`ZgotmplZ` is a special value that indicates that unsafe content reached a CSS or URL context.
|
||||
{{% /note %}}
|
||||
|
||||
@@ -1,23 +1,18 @@
|
||||
---
|
||||
title: safe.HTML
|
||||
linkTitle: safeHTML
|
||||
description: Declares a provided string as a "safe" HTML document to avoid escaping by Go templates.
|
||||
categories: [functions]
|
||||
description: Declares the given string as a safeHTML string.
|
||||
categories: []
|
||||
keywords: []
|
||||
menu:
|
||||
docs:
|
||||
parent: functions
|
||||
function:
|
||||
action:
|
||||
aliases: [safeHTML]
|
||||
related:
|
||||
- functions/safe/CSS
|
||||
- functions/safe/HTMLAttr
|
||||
- functions/safe/JS
|
||||
- functions/safe/JSStr
|
||||
- functions/safe/URL
|
||||
returnType: template.HTML
|
||||
signatures: [safe.HTML INPUT]
|
||||
relatedFunctions:
|
||||
- safe.CSS
|
||||
- safe.HTML
|
||||
- safe.HTMLAttr
|
||||
- safe.JS
|
||||
- safe.JSStr
|
||||
- safe.URL
|
||||
aliases: [/functions/safehtml]
|
||||
---
|
||||
|
||||
@@ -25,7 +20,7 @@ It should not be used for HTML from a third-party, or HTML with unclosed tags or
|
||||
|
||||
Given a site-wide [`hugo.toml`][config] with the following `copyright` value:
|
||||
|
||||
{{< code-toggle file="hugo" >}}
|
||||
{{< code-toggle file=hugo >}}
|
||||
copyright = "© 2015 Jane Doe. <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>."
|
||||
{{< /code-toggle >}}
|
||||
|
||||
|
||||
@@ -1,29 +1,24 @@
|
||||
---
|
||||
title: safe.HTMLAttr
|
||||
linkTitle: safeHTMLAttr
|
||||
description: Declares the provided string as a safe HTML attribute.
|
||||
categories: [functions]
|
||||
description: Declares the given key/value pair as a safe HTML attribute.
|
||||
categories: []
|
||||
keywords: []
|
||||
menu:
|
||||
docs:
|
||||
parent: functions
|
||||
function:
|
||||
action:
|
||||
aliases: [safeHTMLAttr]
|
||||
related:
|
||||
- functions/safe/CSS
|
||||
- functions/safe/HTML
|
||||
- functions/safe/JS
|
||||
- functions/safe/JSStr
|
||||
- functions/safe/URL
|
||||
returnType: template.HTMLAttr
|
||||
signatures: [safe.HTMLAttr INPUT]
|
||||
relatedFunctions:
|
||||
- safe.CSS
|
||||
- safe.HTML
|
||||
- safe.HTMLAttr
|
||||
- safe.JS
|
||||
- safe.JSStr
|
||||
- safe.URL
|
||||
aliases: [/functions/safehtmlattr]
|
||||
---
|
||||
|
||||
Given a site configuration that contains this menu entry:
|
||||
|
||||
{{< code-toggle file="hugo" >}}
|
||||
{{< code-toggle file=hugo >}}
|
||||
[[menu.main]]
|
||||
name = "IRC"
|
||||
url = "irc://irc.freenode.net/#golang"
|
||||
@@ -35,7 +30,7 @@ Attempting to use the `url` value directly in an attribute:
|
||||
{{ range site.Menus.main }}
|
||||
<a href="{{ .URL }}">{{ .Name }}</a>
|
||||
{{ end }}
|
||||
```
|
||||
```
|
||||
|
||||
Will produce:
|
||||
|
||||
|
||||
@@ -1,23 +1,18 @@
|
||||
---
|
||||
title: safe.JS
|
||||
linkTitle: safeJS
|
||||
description: Declares the provided string as a known safe JavaScript string.
|
||||
categories: [functions]
|
||||
description: Declares the given string as a safe JavaScript expression.
|
||||
categories: []
|
||||
keywords: []
|
||||
menu:
|
||||
docs:
|
||||
parent: functions
|
||||
function:
|
||||
action:
|
||||
aliases: [safeJS]
|
||||
related:
|
||||
- functions/safe/CSS
|
||||
- functions/safe/HTML
|
||||
- functions/safe/HTMLAttr
|
||||
- functions/safe/JSStr
|
||||
- functions/safe/URL
|
||||
returnType: template.JS
|
||||
signatures: [safe.JS INPUT]
|
||||
relatedFunctions:
|
||||
- safe.CSS
|
||||
- safe.HTML
|
||||
- safe.HTMLAttr
|
||||
- safe.JS
|
||||
- safe.JSStr
|
||||
- safe.URL
|
||||
aliases: [/functions/safejs]
|
||||
---
|
||||
|
||||
@@ -27,5 +22,5 @@ Template authors are responsible for ensuring that typed expressions do not brea
|
||||
|
||||
Example: Given `hash = "619c16f"` defined in the front matter of your `.md` file:
|
||||
|
||||
* <span class="good">`<script>var form_{{ .Params.hash | safeJS }};…</script>` → `<script>var form_619c16f;…</script>`</span>
|
||||
* <span class="bad">`<script>var form_{{ .Params.hash }};…</script>` → `<script>var form_"619c16f";…</script>`</span>
|
||||
* `<script>var form_{{ .Params.hash | safeJS }};…</script>` → `<script>var form_619c16f;…</script>`
|
||||
* `<script>var form_{{ .Params.hash }};…</script>` → `<script>var form_"619c16f";…</script>`
|
||||
|
||||
@@ -1,23 +1,18 @@
|
||||
---
|
||||
title: safe.JSStr
|
||||
linkTitle: safeJSStr
|
||||
description: Declares the provided string as a known safe JavaScript string.
|
||||
categories: [functions]
|
||||
description: Declares the given string as a safe JavaScript string.
|
||||
categories: []
|
||||
keywords: []
|
||||
menu:
|
||||
docs:
|
||||
parent: functions
|
||||
function:
|
||||
action:
|
||||
aliases: [safeJSStr]
|
||||
related:
|
||||
- functions/safe/CSS
|
||||
- functions/safe/HTML
|
||||
- functions/safe/HTMLAttr
|
||||
- functions/safe/JS
|
||||
- functions/safe/URL
|
||||
returnType: template.JSStr
|
||||
signatures: [safe.JSStr INPUT]
|
||||
relatedFunctions:
|
||||
- safe.CSS
|
||||
- safe.HTML
|
||||
- safe.HTMLAttr
|
||||
- safe.JS
|
||||
- safe.JSStr
|
||||
- safe.URL
|
||||
aliases: [/functions/safejsstr]
|
||||
---
|
||||
|
||||
@@ -34,7 +29,6 @@ Without declaring a variable to be a safe JavaScript string:
|
||||
|
||||
Rendered:
|
||||
|
||||
|
||||
```html
|
||||
<script>
|
||||
const a = "Title: " + "Lilo \u0026 Stitch";
|
||||
|
||||
@@ -1,23 +1,18 @@
|
||||
---
|
||||
title: safe.URL
|
||||
linkTitle: safeURL
|
||||
description: Declares the provided string as a safe URL or URL substring.
|
||||
categories: [functions]
|
||||
description: Declares the given string as a safe URL or URL substring.
|
||||
categories: []
|
||||
keywords: []
|
||||
menu:
|
||||
docs:
|
||||
parent: functions
|
||||
function:
|
||||
action:
|
||||
aliases: [safeURL]
|
||||
related:
|
||||
- functions/safe/CSS
|
||||
- functions/safe/HTML
|
||||
- functions/safe/HTMLAttr
|
||||
- functions/safe/JS
|
||||
- functions/safe/JSStr
|
||||
returnType: template.URL
|
||||
signatures: [safe.URL INPUT]
|
||||
relatedFunctions:
|
||||
- safe.CSS
|
||||
- safe.HTML
|
||||
- safe.HTMLAttr
|
||||
- safe.JS
|
||||
- safe.JSStr
|
||||
- safe.URL
|
||||
aliases: [/functions/safeurl]
|
||||
---
|
||||
|
||||
@@ -27,7 +22,7 @@ Without `safeURL`, only the URI schemes `http:`, `https:` and `mailto:` are cons
|
||||
|
||||
The following examples use a [site `hugo.toml`][configuration] with the following [menu entry][menus]:
|
||||
|
||||
{{< code-toggle file="hugo" copy=false >}}
|
||||
{{< code-toggle file=hugo >}}
|
||||
[[menu.main]]
|
||||
name = "IRC: #golang at freenode"
|
||||
url = "irc://irc.freenode.net/#golang"
|
||||
@@ -35,7 +30,7 @@ url = "irc://irc.freenode.net/#golang"
|
||||
|
||||
The following is an example of a sidebar partial that may be used in conjunction with the preceding front matter example:
|
||||
|
||||
{{< code file="layouts/partials/bad-url-sidebar-menu.html" copy=false >}}
|
||||
{{< code file=layouts/partials/bad-url-sidebar-menu.html >}}
|
||||
<!-- This unordered list may be part of a sidebar menu -->
|
||||
<ul>
|
||||
{{ range .Site.Menus.main }}
|
||||
@@ -55,7 +50,7 @@ This partial would produce the following HTML output:
|
||||
|
||||
The odd output can be remedied by adding ` | safeURL` to our `.URL` page variable:
|
||||
|
||||
{{< code file="layouts/partials/correct-url-sidebar-menu.html" copy=false >}}
|
||||
{{< code file=layouts/partials/correct-url-sidebar-menu.html >}}
|
||||
<!-- This unordered list may be part of a sidebar menu -->
|
||||
<ul>
|
||||
<li><a href="{{ .URL | safeURL }}">{{ .Name }}</a></li>
|
||||
|
||||
14
docs/content/en/functions/safe/_index.md
Normal file
14
docs/content/en/functions/safe/_index.md
Normal file
@@ -0,0 +1,14 @@
|
||||
---
|
||||
title: Safe functions
|
||||
linkTitle: safe
|
||||
description: Template functions to declare a value as safe in the context of Go's html/template package.
|
||||
categories: []
|
||||
keywords: []
|
||||
menu:
|
||||
docs:
|
||||
parent: functions
|
||||
---
|
||||
|
||||
Use these functions to declare a value as safe in the context of Go's [html/template] package.
|
||||
|
||||
[html/template]: https://pkg.go.dev/html/template
|
||||
Reference in New Issue
Block a user