docs/content/en/functions/safe/HTML.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

---
title: safe.HTML
description: Declares the given string as a safeHTML string.
categories: []
keywords: []
action:
  aliases: [safeHTML]
  related:
    - functions/safe/CSS
    - functions/safe/HTMLAttr
    - functions/safe/JS
    - functions/safe/JSStr
    - functions/safe/URL
  returnType: template.HTML
  signatures: [safe.HTML INPUT]
aliases: [/functions/safehtml]
---

It should not be used for HTML from a third-party, or HTML with unclosed tags or comments.

Given a site-wide [`hugo.toml`][config] with the following `copyright` value:

{{< code-toggle file=hugo >}}
copyright = "© 2015 Jane Doe.  <a href=\"https://creativecommons.org/licenses/by/4.0/\">Some rights reserved</a>."
{{< /code-toggle >}}

`{{ .Site.Copyright | safeHTML }}` in a template would then output:

```html
© 2015 Jane Doe.  <a href="https://creativecommons.org/licenses/by/4.0/">Some rights reserved</a>.
```

However, without the `safeHTML` function, html/template assumes `.Site.Copyright` to be unsafe and therefore escapes all HTML tags and renders the whole string as plain text:

```html
<p>© 2015 Jane Doe.  &lt;a href=&#34;https://creativecommons.org/licenses by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>
```

[config]: /getting-started/configuration/