Please sign in to comment.
tpl: Fix internal templates usage of safeHTMLAttr
The `safeHTMLAttr` function operates on a full attribute definition, not just within the attribute value. Docs: https://gohugo.io/functions/safehtmlattr/ For `opengraph.html`, run the whole `content` HTML attribute through `safeHTMLAttr`. That will preserve `+` signs in formatted dates. For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an attribute value, thus having no effect. In this case we could replace it with `safeURL`, but since the code is coming from an API it is safer to just let Go's template engine sanitize the value as it already does with `provider_url`. Fixes #5236 (no need to change Go upstream) Related to #5246
- Loading branch information...
Showing with 12 additions and 10 deletions.
Oops, something went wrong.