Sha256 question

Javier_Cabrera · February 1, 2019, 9:30pm

I have this string:

sha256-3edrmyuQ0w65f8gfBsqowzjJe2iM6n0nKciPUp8y+7E=

But if I view my source, the browser renders it this way:

sha256-3edrmyuQ0w65f8gfBsqowzjJe2iM6n0nKciPUp8y&amp;#43;7E=
                                               ^ wot?

Any way to make the + symbol to show instead of &#43;?? Tried anchorize (replaces the + with a - but it also replaces others) and urlize and safeHTML, none worked.

or the browser will read it OKA and I am on the clear?

bep · February 1, 2019, 9:37pm

I assume this is {{ .Data.Integrity }}? If so, what Hugo version?

Javier_Cabrera · February 1, 2019, 9:44pm

The latest version.

I’m actually not using Data.Integrity, I was just using the CDN from jQuery CDN like so:

{{ $jquery_slim := "https://code.jquery.com/jquery-3.3.1.slim.min.js" }}
{{ $jquery_slim_integrity := "sha256-3edrmyuQ0w65f8gfBsqowzjJe2iM6n0nKciPUp8y+7E=" }}

<script src="{{ $jquery_full }}" integrity="{{ $jquery_full_integrity }}" crossorigin="anonymous"></script>

I copied the data integrity from the jQuery website, not sure if I could have just used Hugo’s Data.Integrity to make that one instead of Frankenstein my inelegant solution…

bep · February 1, 2019, 10:04pm

Try

$jquery_full_integrity | safeHTMLAttr

Javier_Cabrera · February 1, 2019, 10:07pm

ahhh the + keeps showing, didn’t worked.

Jonathan_Griffin · February 1, 2019, 10:20pm

Have you tried:

$jquery_full_integrity | htmlUnescape

Javier_Cabrera · February 1, 2019, 10:22pm

Yep, but did nothing ;(

Jonathan_Griffin · February 1, 2019, 10:26pm

Thats strange, as a simple test of:

{{ $jquery_slim_integrity := "sha256-3edrmyuQ0w65f8gfBsqowzjJe2iM6n0nKciPUp8y+7E=" }}
{{ $jquery_slim_integrity | htmlUnescape}}

produces: sha256-3edrmyuQ0w65f8gfBsqowzjJe2iM6n0nKciPUp8y+7E=

Javier_Cabrera · February 1, 2019, 10:31pm

Strange indeed, I just copied your example and I still get the error. <meta charset=“utf-8”>, Hugo 0.53, firefox and chrome

I’m looking at the viewsource here, but if I look at the page yes, the + gets printed.

As far as I know, the + should be shown in the viewsource correctly? Doesn’t matter if it shows right on the rendered HTML page since it is the viewsource what matters?

Again, totally ignorant about this stuff.

Jonathan_Griffin · February 1, 2019, 10:33pm

Yeh, I did a more specific test, and viewed the source. I am now getting the same as you.

Javier_Cabrera · February 1, 2019, 10:39pm

I can easily bypass this by doing:

{{ if eq jquery_integrity "full" }}
then I simply pass the string here. Else, the slim.

But I wanted to know if I broke Hugo.

moorereason · February 2, 2019, 12:13am

You have to declare the entire attribute safe, not just the value:

<script src="{{ $jquery_full }}" {{ printf "integrity=%q" $jquery_full_integrity | safeHTMLAttr }} crossorigin="anonymous">

Technically, the src attribute could also be declared safe to avoid surprises later.

Topic		Replies	Views
Integrity support	5	278	November 1, 2023
Special characters in asset's `.Data.Integrity` support	2	426	August 20, 2018
UTF-8 character encoding when converting strings to bytes support	6	1216	October 18, 2020
Backslash added to my JSON Structured Data support	5	1707	August 12, 2023
How to ignore javascript/json encoding of + sign? support	1	298	May 25, 2020

Sha256 question

Related Topics