Function collections.Querify Does Not Escape HTML While Hugo Is Serving

Using Hugo v.0.160.0 I found that the querify function will escape HTML when building but not when in development(server).

The official documentation shows an example output of the function with escaped HTML. This could provoke confusion when users preview the output while on server and see the unescaped HTML. They could assume that either the function is not escaping the HTML at all, or that the example missed a step using the htmlEscape function. The documentation is technically correct, and a little note on this would prevent people from opening pull requests on the documentation repo.

querifyhugoserver1920×1080 332 KB

The screenshot shows Librewolf(Firefox fork), with dev tools open showing the unescaped ampersand of one link and the escaped one from the second link. At the right one can see the template used to generate such page.

How did you test this? Did you use your browser’s dev tools to inspect the resulting element, or did you view the source?

I used the web tools and manually opening the corresponding index.html file from the public directory. Just viewed source from the browser and it does show the characters escaped.

To use Google Chrome as an example, when you inspect an element in the Elements tab, it doesn’t display the raw source. Instead, it displays the browser’s internal representation of the page. To view the raw source, either open the Sources tab, or press Ctrl+U to open the raw source in a new tab.

The raw source shows the correct characters. I suppose this is a web browser tools issue. Sorry for the inconvenience.

I suppose this is a web browser tools issue.

Yes, as I described in my previous comment.