Understanding HTML Codes and generated output

runhide · September 14, 2020, 4:18pm

Quick question: In a markdown post, I have a title = "Surely You're Joking, Mr. Feynman!"

When viewing page source, the generated HTML is Surely You're Joking, Mr. Feynman!

Why is the ' translated into '? And what can I do so that it doesn’t output the apostrophe as HTML code?

I have the following set in config.toml

[markup.goldmark.renderer]
  unsafe = true

jmooring · September 14, 2020, 7:53pm

To prevent this:

+++
title = "<script>alert('you have been pwned')</script>"
date = 2020-09-14T15:10:15-04:00
draft = false
+++

<h1>{{ .Title | safeHTML }}</h1>

system · September 16, 2020, 7:53pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Escaping Meta Tag Content? Help support	23	4695	July 15, 2024
What exactly is SafeHTML doing? support	5	3584	October 29, 2016
Inline HTML comments in markdown are visible on rendered page support	3	778	March 10, 2022
Raw HTML Omitted in templates support	13	3922	March 11, 2023
A potential parsing bug when it comes to adding <pre> to HTML tags in Markdown? support	4	71	July 22, 2024