github.com/jbramsden/hugo@v0.47.1/docs/content/en/functions/safeJS.md

github.com/jbramsden/hugo@v0.47.1/docs/content/en/functions/safeJS.md (about)

     1  ---
     2  title: safeJS
     3  # linktitle:
     4  description: Declares the provided string as a known safe JavaScript string.
     5  godocref: https://golang.org/src/html/template/content.go?s=2548:2557#L51
     6  date: 2017-02-01
     7  publishdate: 2017-02-01
     8  lastmod: 2017-02-01
     9  categories: [functions]
    10  menu:
    11    docs:
    12      parent: "functions"
    13  keywords: [strings]
    14  signature: ["safeJS INPUT"]
    15  workson: []
    16  hugoversion:
    17  relatedfuncs: []
    18  deprecated: false
    19  draft: false
    20  aliases: []
    21  ---
    22  
    23  In this context, *safe* means the string encapsulates a known safe EcmaScript5 Expression (e.g., `(x + y * z())`).
    24  
    25  Template authors are responsible for ensuring that typed expressions do not break the intended precedence and that there is no statement/expression ambiguity as when passing an expression like `{ foo:bar() }\n['foo']()`, which is both a valid expression and a valid program with a very different meaning.
    26  
    27  Example: Given `hash = "619c16f"` defined in the front matter of your `.md` file:
    28  
    29  * <span class="good">`<script>var form_{{ .Params.hash | safeJS }};…</script>` &rarr; `<script>var form_619c16f;…</script>`</span>
    30  * <span class="bad">`<script>var form_{{ .Params.hash }};…</script>` &rarr; `<script>var form_"619c16f";…</script>`</span>
    31