Unknown, untrusted data, escape?

Hey,

I’m building a public form that triggers a build with the submitted data.
Now, where or how do I escape this string?
Do I escape it before putting it in the data folder?
Or can I escape in Hugo?

Cheers,
Tom

Yes, you can: {{ "javascript: alert('foo');" | htmlEscape }}

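An added example, not part of the original posts: Hugo templates are built on Go's `html/template` package, so this Go sketch compares plain entity escaping with that package's context-aware escaping on form-style input. `html.EscapeString` stands in for an entity escape such as `htmlEscape`, and the sample submissions and the helper names `entityEscape` and `render` are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html"
	"html/template"
)

// Constructed sample submissions, as they might sit in a data file.
var submissions = []string{
	`<script>alert('foo')</script>`,
	`javascript: alert('foo');`,
	`Tom & Jerry "quoted"`,
}

// entityEscape (hypothetical helper) rewrites only & < > ' " as entities.
// It knows nothing about where the value will be placed in the page.
func entityEscape(s string) string { return html.EscapeString(s) }

// render (hypothetical helper) executes tmpl with html/template, which
// picks the escaper from the context in which {{ . }} appears.
func render(tmpl, value string) (string, error) {
	t, err := template.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, value); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	for _, s := range submissions {
		text, _ := render(`<p>{{ . }}</p>`, s)           // element content
		link, _ := render(`<a href="{{ . }}">x</a>`, s) // URL attribute
		fmt.Printf("input:  %s\nentity: %s\ntext:   %s\nhref:   %s\n\n",
			s, entityEscape(s), text, link)
	}
}
```

Entity escaping leaves the `javascript:` scheme in place, so it is only sufficient for element content; in the `href` context `html/template` replaces the value with `#ZgotmplZ`.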