diff options
Diffstat (limited to 'content/en/functions/safe')
| -rw-r--r-- | content/en/functions/safe/CSS.md | 29 | ||||
| -rw-r--r-- | content/en/functions/safe/HTML.md | 25 | ||||
| -rw-r--r-- | content/en/functions/safe/HTMLAttr.md | 27 | ||||
| -rw-r--r-- | content/en/functions/safe/JS.md | 27 | ||||
| -rw-r--r-- | content/en/functions/safe/JSStr.md | 24 | ||||
| -rw-r--r-- | content/en/functions/safe/URL.md | 29 | ||||
| -rw-r--r-- | content/en/functions/safe/_index.md | 14 |
7 files changed, 79 insertions, 96 deletions
diff --git a/content/en/functions/safe/CSS.md b/content/en/functions/safe/CSS.md index d5dcdfb66..08307fb15 100644 --- a/content/en/functions/safe/CSS.md +++ b/content/en/functions/safe/CSS.md @@ -1,23 +1,18 @@ --- title: safe.CSS -linkTitle: safeCSS -description: Declares the provided string as a known "safe" CSS string. -categories: [functions] +description: Declares the given string as safe CSS string. +categories: [] keywords: [] -menu: - docs: - parent: functions -function: +action: aliases: [safeCSS] + related: + - functions/safe/HTML + - functions/safe/HTMLAttr + - functions/safe/JS + - functions/safe/JSStr + - functions/safe/URL returnType: template.CSS signatures: [safe.CSS INPUT] -relatedFunctions: - - safe.CSS - - safe.HTML - - safe.HTMLAttr - - safe.JS - - safe.JSStr - - safe.URL aliases: [/functions/safecss] --- @@ -30,9 +25,9 @@ In this context, *safe* means CSS content that matches any of the following: Example: Given `style = "color: red;"` defined in the front matter of your `.md` file: -* <span class="good">`<p style="{{ .Params.style | safeCSS }}">…</p>` → `<p style="color: red;">…</p>`</span> -* <span class="bad">`<p style="{{ .Params.style }}">…</p>` → `<p style="ZgotmplZ">…</p>`</span> +* `<p style="{{ .Params.style | safeCSS }}">…</p>` → `<p style="color: red;">…</p>` +* `<p style="{{ .Params.style }}">…</p>` → `<p style="ZgotmplZ">…</p>` {{% note %}} -"ZgotmplZ" is a special value that indicates that unsafe content reached a CSS or URL context. +`ZgotmplZ` is a special value that indicates that unsafe content reached a CSS or URL context. {{% /note %}} diff --git a/content/en/functions/safe/HTML.md b/content/en/functions/safe/HTML.md index ea3afe8f3..ecc4f1346 100644 --- a/content/en/functions/safe/HTML.md +++ b/content/en/functions/safe/HTML.md @@ -1,23 +1,18 @@ --- title: safe.HTML -linkTitle: safeHTML -description: Declares a provided string as a "safe" HTML document to avoid escaping by Go templates. -categories: [functions] +description: Declares the given string as a safeHTML string. +categories: [] keywords: [] -menu: - docs: - parent: functions -function: +action: aliases: [safeHTML] + related: + - functions/safe/CSS + - functions/safe/HTMLAttr + - functions/safe/JS + - functions/safe/JSStr + - functions/safe/URL returnType: template.HTML signatures: [safe.HTML INPUT] -relatedFunctions: - - safe.CSS - - safe.HTML - - safe.HTMLAttr - - safe.JS - - safe.JSStr - - safe.URL aliases: [/functions/safehtml] --- @@ -25,7 +20,7 @@ It should not be used for HTML from a third-party, or HTML with unclosed tags or Given a site-wide [`hugo.toml`][config] with the following `copyright` value: -{{< code-toggle file="hugo" >}} +{{< code-toggle file=hugo >}} copyright = "© 2015 Jane Doe. <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>." {{< /code-toggle >}} diff --git a/content/en/functions/safe/HTMLAttr.md b/content/en/functions/safe/HTMLAttr.md index 7d1b06c47..6e1fd2af7 100644 --- a/content/en/functions/safe/HTMLAttr.md +++ b/content/en/functions/safe/HTMLAttr.md @@ -1,29 +1,24 @@ --- title: safe.HTMLAttr -linkTitle: safeHTMLAttr -description: Declares the provided string as a safe HTML attribute. -categories: [functions] +description: Declares the given key/value pair as a safe HTML attribute. +categories: [] keywords: [] -menu: - docs: - parent: functions -function: +action: aliases: [safeHTMLAttr] + related: + - functions/safe/CSS + - functions/safe/HTML + - functions/safe/JS + - functions/safe/JSStr + - functions/safe/URL returnType: template.HTMLAttr signatures: [safe.HTMLAttr INPUT] -relatedFunctions: - - safe.CSS - - safe.HTML - - safe.HTMLAttr - - safe.JS - - safe.JSStr - - safe.URL aliases: [/functions/safehtmlattr] --- Given a site configuration that contains this menu entry: -{{< code-toggle file="hugo" >}} +{{< code-toggle file=hugo >}} [[menu.main]] name = "IRC" url = "irc://irc.freenode.net/#golang" @@ -35,7 +30,7 @@ Attempting to use the `url` value directly in an attribute: {{ range site.Menus.main }} <a href="{{ .URL }}">{{ .Name }}</a> {{ end }} -``` +``` Will produce: diff --git a/content/en/functions/safe/JS.md b/content/en/functions/safe/JS.md index e679b5f85..65279b89b 100644 --- a/content/en/functions/safe/JS.md +++ b/content/en/functions/safe/JS.md @@ -1,23 +1,18 @@ --- title: safe.JS -linkTitle: safeJS -description: Declares the provided string as a known safe JavaScript string. -categories: [functions] +description: Declares the given string as a safe JavaScript expression. +categories: [] keywords: [] -menu: - docs: - parent: functions -function: +action: aliases: [safeJS] + related: + - functions/safe/CSS + - functions/safe/HTML + - functions/safe/HTMLAttr + - functions/safe/JSStr + - functions/safe/URL returnType: template.JS signatures: [safe.JS INPUT] -relatedFunctions: - - safe.CSS - - safe.HTML - - safe.HTMLAttr - - safe.JS - - safe.JSStr - - safe.URL aliases: [/functions/safejs] --- @@ -27,5 +22,5 @@ Template authors are responsible for ensuring that typed expressions do not brea Example: Given `hash = "619c16f"` defined in the front matter of your `.md` file: -* <span class="good">`<script>var form_{{ .Params.hash | safeJS }};…</script>` → `<script>var form_619c16f;…</script>`</span> -* <span class="bad">`<script>var form_{{ .Params.hash }};…</script>` → `<script>var form_"619c16f";…</script>`</span> +* `<script>var form_{{ .Params.hash | safeJS }};…</script>` → `<script>var form_619c16f;…</script>` +* `<script>var form_{{ .Params.hash }};…</script>` → `<script>var form_"619c16f";…</script>` diff --git a/content/en/functions/safe/JSStr.md b/content/en/functions/safe/JSStr.md index 790de3a73..36d2b36fa 100644 --- a/content/en/functions/safe/JSStr.md +++ b/content/en/functions/safe/JSStr.md @@ -1,23 +1,18 @@ --- title: safe.JSStr -linkTitle: safeJSStr -description: Declares the provided string as a known safe JavaScript string. -categories: [functions] +description: Declares the given string as a safe JavaScript string. +categories: [] keywords: [] -menu: - docs: - parent: functions -function: +action: aliases: [safeJSStr] + related: + - functions/safe/CSS + - functions/safe/HTML + - functions/safe/HTMLAttr + - functions/safe/JS + - functions/safe/URL returnType: template.JSStr signatures: [safe.JSStr INPUT] -relatedFunctions: - - safe.CSS - - safe.HTML - - safe.HTMLAttr - - safe.JS - - safe.JSStr - - safe.URL aliases: [/functions/safejsstr] --- @@ -34,7 +29,6 @@ Without declaring a variable to be a safe JavaScript string: Rendered: - ```html <script> const a = "Title: " + "Lilo \u0026 Stitch"; diff --git a/content/en/functions/safe/URL.md b/content/en/functions/safe/URL.md index edc62ff9d..2ae67bd7f 100644 --- a/content/en/functions/safe/URL.md +++ b/content/en/functions/safe/URL.md @@ -1,23 +1,18 @@ --- title: safe.URL -linkTitle: safeURL -description: Declares the provided string as a safe URL or URL substring. -categories: [functions] +description: Declares the given string as a safe URL or URL substring. +categories: [] keywords: [] -menu: - docs: - parent: functions -function: +action: aliases: [safeURL] + related: + - functions/safe/CSS + - functions/safe/HTML + - functions/safe/HTMLAttr + - functions/safe/JS + - functions/safe/JSStr returnType: template.URL signatures: [safe.URL INPUT] -relatedFunctions: - - safe.CSS - - safe.HTML - - safe.HTMLAttr - - safe.JS - - safe.JSStr - - safe.URL aliases: [/functions/safeurl] --- @@ -27,7 +22,7 @@ Without `safeURL`, only the URI schemes `http:`, `https:` and `mailto:` are cons The following examples use a [site `hugo.toml`][configuration] with the following [menu entry][menus]: -{{< code-toggle file="hugo" copy=false >}} +{{< code-toggle file=hugo >}} [[menu.main]] name = "IRC: #golang at freenode" url = "irc://irc.freenode.net/#golang" @@ -35,7 +30,7 @@ url = "irc://irc.freenode.net/#golang" The following is an example of a sidebar partial that may be used in conjunction with the preceding front matter example: -{{< code file="layouts/partials/bad-url-sidebar-menu.html" copy=false >}} +{{< code file=layouts/partials/bad-url-sidebar-menu.html >}} <!-- This unordered list may be part of a sidebar menu --> <ul> {{ range .Site.Menus.main }} @@ -55,7 +50,7 @@ This partial would produce the following HTML output: The odd output can be remedied by adding ` | safeURL` to our `.URL` page variable: -{{< code file="layouts/partials/correct-url-sidebar-menu.html" copy=false >}} +{{< code file=layouts/partials/correct-url-sidebar-menu.html >}} <!-- This unordered list may be part of a sidebar menu --> <ul> <li><a href="{{ .URL | safeURL }}">{{ .Name }}</a></li> diff --git a/content/en/functions/safe/_index.md b/content/en/functions/safe/_index.md new file mode 100644 index 000000000..f80a2cff4 --- /dev/null +++ b/content/en/functions/safe/_index.md @@ -0,0 +1,14 @@ +--- +title: Safe functions +linkTitle: safe +description: Template functions to declare a value as safe in the context of Go's html/template package. +categories: [] +keywords: [] +menu: + docs: + parent: functions +--- + +Use these functions to declare a value as safe in the context of Go's [html/template] package. + +[html/template]: https://pkg.go.dev/html/template |