Escaping in shortcode

I’m trying to define a short code to enable syntax highlighting via Google’s prettify.js:

<pre class="prettyprint linenums"><code class="language-{{ .Get 0 }}">{{ .Inner }}</code></pre>

Using it with Java code renders nicely. But for XML or HTML it’s missing the escaping of “<”, “>” etc. So I added a call to htmlEscape() to the short code:

<pre class="prettyprint linenums"><code class="language-{{ .Get 0 }}">{{ htmlEscape .Inner }}</code></pre>

But strangely this escapes the inner content twice. E.g. this contents in my Markdown file

{{< prettify xml >}}<some-xml>...</some-xml>{{< /prettify >}}

Will be rendered into

<pre class="prettyprint linenums"><code class="language-xml">
    &amp;lt;some-xml&amp;gt;...&amp;lt;/some-xml&amp;gt;
</code></pre>

Instead of the desired

<pre class="prettyprint linenums"><code class="language-xml">
    &lt;some-xml&gt;...&lt;/some-xml&gt;
</code></pre>

I.e. the “&” character of an escape symbol such as “&lt;” is escaped another time with “&amp;”. What am I doing wrong here?

I would use the {{%%}} style shortcode to let the renderer know it needs further processing and then wrap your code in single or triple backticks per typical markdown syntax.

Hi, thanks for the advice. I’ve found an alternative which is a tad easier to use (no backticks needed):

<pre class="prettyprint linenums"><code class="language-{{ .Get 0 }}">{{ htmlEscape .Inner | safeHTML }}</code></pre>

I.e. feeding the output of htmlEscape through safeHTML to avoid further escaping. It’s not clear to me why the call to htmlEscape is needed at all as escaping should happen by default, but it does the trick.