From 9a2024322638bd715e2fee63d0cad1cba5a13258 Mon Sep 17 00:00:00 2001 From: Cameron Moore Date: Sun, 15 Nov 2015 14:30:57 -0600 Subject: [PATCH] Add SafeJS template function This commit adds a SafeJS template function. Tests and documentation are included. Fixes #1579 --- content/templates/functions.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/content/templates/functions.md b/content/templates/functions.md index fc6c361e6..503702290 100644 --- a/content/templates/functions.md +++ b/content/templates/functions.md @@ -456,6 +456,21 @@ Example: Given `style = "color: red;"` defined in the front matter of your `.md` Note: "ZgotmplZ" is a special value that indicates that unsafe content reached a CSS or URL context. +### safeJS + +Declares the provided string as a known "safe" Javascript string so Go +html/templates will not escape it. "Safe" means the string encapsulates a known +safe EcmaScript5 Expression, for example, `(x + y * z())`. Template authors +are responsible for ensuring that typed expressions do not break the intended +precedence and that there is no statement/expression ambiguity as when passing +an expression like `{ foo:bar() }\n['foo']()`, which is both a valid Expression +and a valid Program with a very different meaning. + +Example: Given `hash = "619c16f"` defined in the front matter of your `.md` file: + +* `` ⇒ `` (Good!) +* `` ⇒ `` (Bad!) + ### singularize Singularize the given word with a set of common English singularization rules.