Is safeHTML needed for plain text or output from the markdown function?

It doesn’t seem so, but it’s not clear from the doc.

Ping…

Have you found a case where it is required?

No. I’d like to clarify the doc, but I need to understand how it works first.

Sorry, my last response was a mistake. Yes, I’ve seen it required when producing HTML manually. Since markdownify produces HTML, you’d think you’d have to use safeHTML with it, but you don’t. So: I’m confused.

Please post an example where it is required.

In XML (RSS):

{{ printf "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?>" | safeHTML }}

{{ printf `<atom:link href="%s" rel="self" type="%s"/>` .Permalink .MediaType | safeHTML }}

<description>{{ printf "<![CDATA[%s]]>" .Content | safeHTML }}</description>

In HTML:

{{ $content := cond ($fullpages | not) ($page.Content | replaceRE `(<h[1-6] id="([^"]+)".+)(</h[1-6]+>)` (printf `${1}<a aria-label="%v" class="paige-header-link" href="#${2}">#</a>${3}` (i18n "paige_aria_section_link")) | safeHTML) $page.Content }}

If safeHTML is removed from any of these cases, the correct content is not rendered.

If you don’t think that safeHTML is ever required, then shouldn’t it be removed from the documentation so it doesn’t confuse users like me?

{{ $a := "<em>a</em>" }}

Template code                   Type            Rendered
{{ "<em>a</em>" }}              string          &lt;em&gt;a&lt;/em&gt;
{{ "<em>a</em>" | safeHTML }}   template.HTML   <em>a</em>
{{ $a }}                        string          &lt;em&gt;a&lt;/em&gt;
{{ $a | safeHTML }}             template.HTML   <em>a</em>

{{ $b := "_b_" }}

Template code                   Type            Rendered
{{ "_b_" | markdownify }}       template.HTML   <em>b</em>
{{ $b | markdownify }}          template.HTML   <em>b</em>

So, no, I’ve never seen a need to use it with markdownify.


Ah, I didn’t realize it just depended on the type, string vs. template.HTML. Makes sense. So safeHTML just converts string to template.HTML.
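The type dependence discussed in this thread can be reproduced with Go's html/template package directly. This is an added example, not code from the thread or from Hugo: `safeHTML` and `toyMarkdownify` here are assumed stand-ins for Hugo's functions, and the sample inputs are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// safeHTML is a stand-in for Hugo's function (assumption): it only changes
// the value's type from string to template.HTML; nothing is sanitized.
func safeHTML(s string) template.HTML { return template.HTML(s) }

// toyMarkdownify is a hypothetical stand-in for markdownify: it handles only
// _emphasis_, escapes the inner text, and returns template.HTML.
func toyMarkdownify(s string) template.HTML {
	inner := strings.TrimSuffix(strings.TrimPrefix(s, "_"), "_")
	return template.HTML("<em>" + template.HTMLEscapeString(inner) + "</em>")
}

var funcs = template.FuncMap{"safeHTML": safeHTML, "markdownify": toyMarkdownify}

// render executes a one-line template with v as the dot value.
func render(src string, v interface{}) string {
	t := template.Must(template.New("t").Funcs(funcs).Parse(src))
	var buf bytes.Buffer
	if err := t.Execute(&buf, v); err != nil {
		return "error: " + err.Error()
	}
	return buf.String()
}

func main() {
	a := "<em>a</em>"
	fmt.Println(render(`{{ . }}`, a))                   // string: escaped
	fmt.Println(render(`{{ . | safeHTML }}`, a))        // template.HTML: emitted as-is
	fmt.Println(render(`{{ . | markdownify }}`, "_b_")) // already template.HTML

	// Constructed untrusted input, e.g. a value from front matter or a data file.
	untrusted := "<script>alert(1)</script>"
	fmt.Println(render(`{{ . }}`, untrusted))            // escaped by default
	fmt.Println(render(`{{ . | safeHTML }}`, untrusted)) // escaping bypassed
}
```

Because the conversion is only a type change, piping a value through safeHTML is appropriate only when the markup comes from a source the site author controls.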
