I have two sites using the grid-side theme. One is working fine, both locally and on GitHub. The other is triggering the SafeCSS issue somewhere, and I can’t figure out why. All images are coming up like this in the public folder:
<img src="#ZgotmplZ"
I fixed this in one post by converting the YAML frontmatter to TOML - so I guess Hugo doesn’t like for the main config file to be TOML while the posts are YAML? Will I need to convert all my posts over?
To answer my own question, I had some frontmatter regarding images that was leftover from Jekyll. Hugo didn’t like it, evidently, so once it was removed/converted all is fine.
The “ZgotmplZ” string is a feature of Go HTML templates.
“ZgotmplZ” is a special value that indicates that unsafe content reached a
CSS or URL context at runtime. The output of the example will be
<img src="#ZgotmplZ">
I’m having a similar issue with a custom HTML tag.
Here’s my shortcode:
(layouts/shortcodes/xtag.html)
<x-{{ .Get 0 }}></x-{{ .Get 0 }}>
I want to use it like this: {{< xtag foo >}}
With the expected output: <x-foo></x-foo>
Instead I get <x-ZgotmplZ></x-ZgotmplZ>.
I’ve tried <x-{{ .Get 0 | safeHTML }}></x-{{ .Get 0 | safeHTML }}> with the same result.
{{ .Get 0 | safeURL }} has the same outcome as {{ .Get 0 | safeHTML }} in this context.
For now, it’s really no harder to use inline HTML in my content, and it works fine for my use-case. But this is a corner case in the template engine I wasn’t quite sure how to address.
Try using printf with safeHTML. I haven’t tested this, but something like:
{{ (printf "<x-%s></x-%s>" (.Get 0) (.Get 0)) | safeHTML }}
Go templates are very context-picky, so your injection in the middle of a tag name may be upsetting things.
Gotcha. Ah, so it’s just plain old Go template support. Nice! Works.
Yes, they’re just plain Go templates. We just add a bunch of helper functions into the template FuncMap.