Merge commit 'b9bd35d72e' as 'docs'

2025-04-28 14:40:43 +03:00 · 2019-10-21 10:22:28 +02:00 · 2019-10-21 10:22:28 +02:00 · 27aef3f1fb
commit 27aef3f1fb
parent 39121de4d9 b9bd35d72e
735 changed files with 38220 additions and 0 deletions
--- a/docs/content/en/functions/safeHTML.md
+++ b/docs/content/en/functions/safeHTML.md
@ -0,0 +1,41 @@
+---
+title: safeHTML
+# linktitle:
+description: Declares a provided string as a "safe" HTML document to avoid escaping by Go templates.
+godocref: https://golang.org/src/html/template/content.go?s=1374:1385#L25
+date: 2017-02-01
+publishdate: 2017-02-01
+lastmod: 2017-02-01
+categories: [functions]
+menu:
+  docs:
+    parent: "functions"
+keywords: [strings]
+signature: ["safeHTML INPUT"]
+workson: []
+hugoversion:
+relatedfuncs: []
+deprecated: false
+---
+
+It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.
+
+Given a site-wide [`config.toml`][config] with the following `copyright` value:
+
+```
+copyright = "© 2015 Jane Doe.  <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>."
+```
+
+`{{ .Site.Copyright | safeHTML }}` in a template would then output:
+
+```
+© 2015 Jane Doe.  <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.
+```
+
+However, without the `safeHTML` function, html/template assumes `.Site.Copyright` to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:
+
+```
+<p>© 2015 Jane Doe.  &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>
+```
+
+[config]: /getting-started/configuration/