Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ISO8601 issue with internal template #5236

Closed
akshaybabloo opened this issue Sep 21, 2018 · 8 comments

Comments

@akshaybabloo
Copy link
Contributor

commented Sep 21, 2018

This might not be much of an issue, but when using the internal template such as OpenGraph the datetime's offset + or - is not shown. Example

date: 2018-09-20T16:37:20+12:00

is shown as

<meta property="og:updated_time" content="2018-09-20T16:37:20&#43;12:00"/>

Instead of

<meta property="og:updated_time" content="2018-09-20T16:37:20+12:00"/>

I am using Hugo v0.48/extended windows/amd64.

@bep

This comment has been minimized.

Copy link
Member

commented Sep 21, 2018

How is this a problem?

@rdwatters

This comment has been minimized.

Copy link
Contributor

commented Sep 21, 2018

@akshaybabloo.

FYI, the escaped HTML for + wasn't an issue when I tested it locally using Facebook's OGP's debugger. It still converted to UNIX time effectively.

@felicianotech

This comment has been minimized.

Copy link
Contributor

commented Sep 21, 2018

Hey. This is an issue because safeHTMLAttr shouldn't escape "+"s but it is. I see two components here:

  1. The line in Hugo doing this is using safeHTML when it should probably be using safeHTMLAttr.
    • shouldn't be escaped. This isn't a Hugo issue though as I have tracked it to the html/template Go package. I'm investigating if I can do a PR upstream if I understand it well enough.
@felicianotech

This comment has been minimized.

Copy link
Contributor

commented Sep 21, 2018

This issue clearly isn't anything major but I made an upstream PR to have Go's html/template stop escaping plus signs and then a PR for Hugo to use the right function.

@akshaybabloo

This comment has been minimized.

Copy link
Contributor Author

commented Sep 25, 2018

This did not fix the issue. I still get

<meta property="og:updated_time" content="2018-09-20T16:37:20&#43;12:00"/>

but this on template works:

{{ print "2018-09-20T16:37:20+12:00" | safeHTML }}
@akshaybabloo

This comment has been minimized.

Copy link
Contributor Author

commented Sep 25, 2018

@rdwatters True, but just for the sake of consistency.

@akshaybabloo

This comment has been minimized.

Copy link
Contributor Author

commented Sep 25, 2018

@felicianotech It's not working for me still.

@felicianotech

This comment has been minimized.

Copy link
Contributor

commented Sep 25, 2018

@akshaybabloo It's not going to until the upstream PR that I linked is merged and a new Hugo release based on that new Go version is released as well.

rhcarvalho added a commit to rhcarvalho/hugo that referenced this issue Apr 22, 2019

tpl: Fix internal templates usage of safeHTMLAttr
The `safeHTMLAttr` function operates on a full attribute definition, not
just within the attribute value.

Docs: https://gohugo.io/functions/safehtmlattr/

For `opengraph.html`, run the whole `content` HTML attribute through
`safeHTMLAttr`. That will preserve `+` signs in formatted dates.

For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an
attribute value, thus having no effect. In this case we could replace it
with `safeURL`, but since the code is coming from an API it is safer to
just let Go's template engine sanitize the value as it already does with
`provider_url`.

Fixes gohugoio#5236 (no need to change Go upstream)
Related to gohugoio#5246

bep added a commit that referenced this issue May 17, 2019

tpl: Fix internal templates usage of safeHTMLAttr
The `safeHTMLAttr` function operates on a full attribute definition, not
just within the attribute value.

Docs: https://gohugo.io/functions/safehtmlattr/

For `opengraph.html`, run the whole `content` HTML attribute through
`safeHTMLAttr`. That will preserve `+` signs in formatted dates.

For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an
attribute value, thus having no effect. In this case we could replace it
with `safeURL`, but since the code is coming from an API it is safer to
just let Go's template engine sanitize the value as it already does with
`provider_url`.

Fixes #5236 (no need to change Go upstream)
Related to #5246
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.