Getting #ZgotmplZ for all image src= links, only on one site

I have two sites using the grid-side theme. One is working fine, both locally and on GitHub. The other is triggering the SafeCSS issue somewhere, and I can’t figure out why. All images are coming up like this in the public folder:

<img src="#ZgotmplZ"

I fixed this in one post by converting the YAML frontmatter to TOML - so I guess Hugo doesn’t like for the main config file to be TOML while the posts are YAML? Will I need to convert all my posts over?

To answer my own question, I had some frontmatter regarding images that was leftover from Jekyll. Hugo didn’t like it, evidently, so once it was removed/converted all is fine.

The “ZgotmplZ” string is a feature of Go HTML templates.

“ZgotmplZ” is a special value that indicates that unsafe content reached a
CSS or URL context at runtime. The output of the example will be
<img src="#ZgotmplZ">

I’m having a similar issue with a custom HTML tag.

Here’s my shortcode:

<x-{{ .Get 0 }}></x-{{ .Get 0 }}>

I want to use it like this: {{< xtag foo >}}

With the expected output: <x-foo></x-foo>

Instead I get <x-ZgotmplZ></x-ZgotmplZ>.

I’ve tried <x-{{ .Get 0 | safeHTML }}></x-{{ .Get 0 | safeHTML }}> with the same result.

Use safeURL. See Template Functions.

{{ .Get 0 | safeURL }} has the same outcome as {{ .Get 0 | safeHTML }} in this context.

For now, it’s really no harder to use inline HTML in my content, and it works fine for my use-case. But this is a corner case in the template engine I wasn’t quite sure how to address.

Try using printf with safeHTML. I haven’t tested this, but something like:

{{ (printf "<x-%s></x-%s>" (.Get 0) (.Get 0)) | safeHTML }}

Go templates are very context-picky, so your injection in the middle of a tag name may be upsetting things.


Gotcha. Ah, so it’s just plain old Go template support. Nice! Works.

Yes, they’re just plain Go templates. We just add a bunch of helper functions into the template FuncMap.