Integrity

Arif · October 30, 2023, 4:11pm

Is the + supposed to be there? Looks like it is escaped.

integrity="sha256-y&#43;TfdhEVwthoVFNCWOZuPkFGiHzyMLyTrKxGXc6js0o="

jmooring · October 30, 2023, 4:50pm

For the record, this isn’t anything new (i.e., not a bug in v0.120.0).
https://github.com/gohugoio/hugo/issues/10025

Escaping the plus sign to an HTML entity is not a problem; Go’s html/template package is doing this. Test in your browser console; no errors.

Arif · October 30, 2023, 7:50pm

Alright. Will explore the printf method

github.com/gohugoio/hugo

Go templates escaping plus sign in .Data.Integrity

opened 11:25PM - 16 Jun 22 UTC

closed 01:51AM - 20 May 23 UTC

mcexit

Upstream Outdated

### What version of Hugo are you using (`hugo version`)? <pre> $ hugo versio…n hugo v.0.100.2+extended </pre> ### Does this issue reproduce with the latest release? Yes ### Description While this issue may or may not cause issues, it doesn't appear to be standard[^1][^2]. It is also likely to fail if that value were to be used outside of the browser for some reason. Example: ```HTML {{- $stylesheet := fingerprint (toCSS (dict "targetPath" "style.css") (resources.Get "sass/main.scss")) }} <link href="{{ $stylesheet.RelPermalink }}" integrity="{{ $stylesheet.Data.Integrity }}" rel="stylesheet"> ``` Renders as: > Note the `+` ```HTML <link href="./style.6475f1934962b1b03d102f80c8ad2c662d2e432e92ce430dd577377da694fb23.css" integrity="sha256-ZHXxk0lisbA9EC+AyK0sZi0uQy6SzkMN1Xc3faaU+yM=" rel="stylesheet"> ``` [^1]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity [^2]: https://w3c.github.io/webappsec-subresource-integrity/

jmooring · October 30, 2023, 7:54pm

Will explore the printf method

You’ll need to pass it through safeHTMLAttr…

<element {{- printf " some-attribute=%q" $value | safeHTMLAttr}}>

Arif · October 30, 2023, 7:59pm

Thanks. Do local/same-origin resources really need the integrity check btw?

system · November 1, 2023, 7:59pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Hugo escaping + char support	3	557	May 22, 2020
Sha256 question support	11	613	February 2, 2019
Fingerprint SRI outputs html-codes support	10	578	February 24, 2021
Escape character problem support	2	1726	August 6, 2015
Prolem outputting special characters in JSON support	8	1178	May 27, 2020

Integrity

Related topics