HUGO

Understanding HTML Codes and generated output

Quick question: In a markdown post, I have a title = "Surely You're Joking, Mr. Feynman!"

When viewing page source, the generated HTML is Surely You're Joking, Mr. Feynman!

Why is the ' translated into '? And what can I do so that it doesn’t output the apostrophe as HTML code?

I have the following set in config.toml

[markup.goldmark.renderer]
  unsafe = true

To prevent this:

+++
title = "<script>alert('you have been pwned')</script>"
date = 2020-09-14T15:10:15-04:00
draft = false
+++

See https://golang.org/pkg/html/template/.

<h1>{{ .Title | safeHTML }}</h1>
1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.