ref: c21e2b3b4d759bc84ba080bc35059bb51eb34144
parent: cdd6a124c2763da57108adebe079baab5958076a
author: marco <[email protected]>
date: Wed Jun 22 09:21:04 EDT 2016
tpl: Enable safeHTMLAttr See #2234 and #347
--- a/docs/content/templates/functions.md
+++ b/docs/content/templates/functions.md
@@ -546,7 +546,6 @@
<p>© 2015 Jane Doe. <a href="http://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.</p>
</blockquote>
-<!--
### safeHTMLAttr
Declares the provided string as a "safe" HTML attribute
from a trusted source, for example, ` dir="ltr"`,
@@ -560,8 +559,6 @@
* `<a href="{{ .URL }}">` ⇒ `<a href="#ZgotmplZ">` (Bad!) * `<a {{ printf "href=%q" .URL | safeHTMLAttr }}>` ⇒ `<a href="irc://irc.freenode.net/#golang">` (Good!)--->
-
### safeCSS
Declares the provided string as a known "safe" CSS string
--- a/tpl/template_funcs.go
+++ b/tpl/template_funcs.go
@@ -1576,9 +1576,6 @@
}
// safeHTMLAttr returns a given string as html/template HTMLAttr content.
-//
-// safeHTMLAttr is currently disabled, pending further discussion
-// on its use case. 2015-01-19
func safeHTMLAttr(a interface{}) template.HTMLAttr {return template.HTMLAttr(cast.ToString(a))
}
@@ -1806,6 +1803,7 @@
"replaceRE": replaceRE,
"safeCSS": safeCSS,
"safeHTML": safeHTML,
+ "safeHTMLAttr": safeHTMLAttr,
"safeJS": safeJS,
"safeURL": safeURL,
"sanitizeURL": helpers.SanitizeURL,