I had a look at Hugo’s embedded RSS template and noticed that the <?xml ?> tag needs to be run through the safeHTML function in order to avoid it being escaped by the template engine.
This puzzled me as the official documentation for Go’s html/template package says that template authors are trusted. Therefore, I would expect that the engine leaves everything that sits outside of any {{ }} action unchanged. This seems to be wrong. There is a GitHub issue about this, and while it is technically correct that XML files are an unsupported use case, no reasons were given for this behavior.
This worries me because I might use Hugo’s executeAsTemplate for various assets, and now I’m afraid that doing so might have weird side effects.
Does anybody know exactly what it is the template engine is doing with the “literal” (=outside of any action) part of a template?
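
An added example, not part of the original post and not Hugo's code, that reproduces the behaviour in question using only Go's standard library: the same RSS-like template is run through html/template and text/template, once with the prolog as literal text and once with it supplied through an action as a template.HTML value. The template strings, the sample data and the function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltpl "html/template"
	texttpl "text/template"
)

// Constructed sample: an RSS-like template whose XML prolog is literal text.
const feed = `<?xml version="1.0" encoding="utf-8"?>
<rss><channel><description>{{ .Desc }}</description></channel></rss>`

// The same feed with the prolog produced by an action instead.
const feedViaAction = `{{ .Prolog }}
<rss><channel><description>{{ .Desc }}</description></channel></rss>`

// sample is constructed input. Prolog has type template.HTML, which
// html/template treats as already-safe markup and emits unescaped.
var sample = struct {
	Prolog htmltpl.HTML
	Desc   string
}{htmltpl.HTML(`<?xml version="1.0" encoding="utf-8"?>`), "A & B"}

// renderHTML executes src with html/template (contextual autoescaping).
func renderHTML(src string) string {
	var buf bytes.Buffer
	t := htmltpl.Must(htmltpl.New("feed").Parse(src))
	if err := t.Execute(&buf, sample); err != nil {
		panic(err)
	}
	return buf.String()
}

// renderText executes src with text/template (no escaping at all).
func renderText(src string) string {
	var buf bytes.Buffer
	t := texttpl.Must(texttpl.New("feed").Parse(src))
	if err := t.Execute(&buf, sample); err != nil {
		panic(err)
	}
	return buf.String()
}

func main() {
	fmt.Printf("html/template, literal prolog:\n%s\n\n", renderHTML(feed))
	fmt.Printf("html/template, prolog via action:\n%s\n\n", renderHTML(feedViaAction))
	fmt.Printf("text/template, literal prolog:\n%s\n", renderText(feed))
}
```

With html/template the literal prolog comes out starting with `&lt;?xml`, because the package parses literal text as HTML and rewrites a `<` that does not open a tag it recognises, while real tags such as `<rss>` pass through and the prolog supplied as template.HTML is emitted unchanged. text/template leaves both the literal text and the `&` in the data untouched.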