aboutsummaryrefslogtreecommitdiffhomepage
path: root/docs/content/en/functions
diff options
context:
space:
mode:
authorJoe Mooring <[email protected]>2023-11-24 15:51:27 -0800
committerBjørn Erik Pedersen <[email protected]>2023-11-27 10:52:33 +0100
commitb4c5df42ff7d2542a661cf06b7a7acb03282bc5a (patch)
treeb35e5e2a32ff657ea56f4544da6789d6161e4e3e /docs/content/en/functions
parentef12d169c81b0b82f6c2cd1a1ba680f04669c360 (diff)
downloadhugo-b4c5df42ff7d2542a661cf06b7a7acb03282bc5a.tar.gz
hugo-b4c5df42ff7d2542a661cf06b7a7acb03282bc5a.zip
tpl/transform: Add transform.XMLEscape template function
Fixes #3268
Diffstat (limited to 'docs/content/en/functions')
-rw-r--r--docs/content/en/functions/transform/XMLEscape.md38
1 files changed, 38 insertions, 0 deletions
diff --git a/docs/content/en/functions/transform/XMLEscape.md b/docs/content/en/functions/transform/XMLEscape.md
new file mode 100644
index 000000000..17ed2a13d
--- /dev/null
+++ b/docs/content/en/functions/transform/XMLEscape.md
@@ -0,0 +1,38 @@
+---
+title: transform.XMLEscape
+description: Returns the given string, removing disallowed characters then escaping the result to its XML equivalent.
+categories: []
+keywords: []
+action:
+ aliases: []
+ related: []
+ returnType: string
+ signatures: [transform.XMLEscape INPUT]
+---
+
+The `transform.XMLEscape` function removes [disallowed characters] as defined in the XML specification, then escapes the result by replacing the following characters with [HTML entities]:
+
+- `"` → `&#34;`
+- `'` → `&#39;`
+- `&` → `&amp;`
+- `<` → `&lt;`
+- `>` → `&gt;`
+- `\t` → `&#x9;`
+- `\n` → `&#xA;`
+- `\r` → `&#xD;`
+
+For example:
+
+```go-html-template
+transform.XMLEscape "<p>abc</p>" → &lt;p&gt;abc&lt;/p&gt;
+```
+
+When using `transform.XMLEscape` in a template rendered by Go's [html/template] package, declare the string to be safe HTML to avoid double escaping. For example, in an RSS template:
+
+{{< code file="layouts/_default/rss.xml" >}}
+<description>{{ .Summary | transform.XMLEscape | safeHTML }}</description>
+{{< /code >}}
+
+[disallowed characters]: https://www.w3.org/TR/xml/#charsets
+[html entities]: https://developer.mozilla.org/en-us/docs/glossary/entity
+[html/template]: https://pkg.go.dev/html/template