Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ISO8601 issue with internal template #5236

Closed
akshaybabloo opened this issue Sep 21, 2018 · 10 comments · Fixed by #5887
Closed

ISO8601 issue with internal template #5236

akshaybabloo opened this issue Sep 21, 2018 · 10 comments · Fixed by #5887
Labels
Outdated

Comments

@akshaybabloo
Copy link
Contributor

This might not be much of an issue, but when using the internal template such as OpenGraph the datetime's offset + or - is not shown. Example

date: 2018-09-20T16:37:20+12:00

is shown as

<meta property="og:updated_time" content="2018-09-20T16:37:20&#43;12:00"/>

Instead of

<meta property="og:updated_time" content="2018-09-20T16:37:20+12:00"/>

I am using Hugo v0.48/extended windows/amd64.
@bep
Copy link
Member

bep commented Sep 21, 2018

How is this a problem?

@rdwatters
Copy link
Contributor

@akshaybabloo.

FYI, the escaped HTML for + wasn't an issue when I tested it locally using Facebook's OGP's debugger. It still converted to UNIX time effectively.

@FelicianoTech
Copy link
Contributor

Hey. This is an issue because safeHTMLAttr shouldn't escape "+"s but it is. I see two components here:

  1. The line in Hugo doing this is using safeHTML when it should probably be using safeHTMLAttr.
    • shouldn't be escaped. This isn't a Hugo issue though as I have tracked it to the html/template Go package. I'm investigating if I can do a PR upstream if I understand it well enough.

@FelicianoTech
Copy link
Contributor

This issue clearly isn't anything major but I made an upstream PR to have Go's html/template stop escaping plus signs and then a PR for Hugo to use the right function.

@bep bep closed this as completed in 4f9c109 Sep 21, 2018
@dependencies dependencies bot mentioned this issue Sep 24, 2018
Closed
@akshaybabloo akshaybabloo mentioned this issue Sep 25, 2018
Closed
@akshaybabloo
Copy link
Contributor Author

akshaybabloo commented Sep 25, 2018
edited
Loading

This did not fix the issue. I still get

<meta property="og:updated_time" content="2018-09-20T16:37:20&#43;12:00"/>

but this on template works:

{{ print "2018-09-20T16:37:20+12:00" | safeHTML }}

@akshaybabloo
Copy link
Contributor Author

@rdwatters True, but just for the sake of consistency.

@akshaybabloo
Copy link
Contributor Author

@FelicianoTech It's not working for me still.

@FelicianoTech
Copy link
Contributor

@akshaybabloo It's not going to until the upstream PR that I linked is merged and a new Hugo release based on that new Go version is released as well.

rhcarvalho added a commit to rhcarvalho/hugo that referenced this issue Apr 22, 2019
@rhcarvalho
tpl: Fix internal templates usage of safeHTMLAttr
2d604a7 
The `safeHTMLAttr` function operates on a full attribute definition, not
just within the attribute value.

Docs: https://gohugo.io/functions/safehtmlattr/

For `opengraph.html`, run the whole `content` HTML attribute through
`safeHTMLAttr`. That will preserve `+` signs in formatted dates.

For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an
attribute value, thus having no effect. In this case we could replace it
with `safeURL`, but since the code is coming from an API it is safer to
just let Go's template engine sanitize the value as it already does with
`provider_url`.

Fixes gohugoio#5236 (no need to change Go upstream)
Related to gohugoio#5246
@rhcarvalho rhcarvalho mentioned this issue Apr 22, 2019
Merged
@gopherbot gopherbot mentioned this issue Apr 22, 2019
Closed
bep pushed a commit that referenced this issue May 17, 2019
@rhcarvalho @bep
tpl: Fix internal templates usage of safeHTMLAttr
e22b3f5 
The `safeHTMLAttr` function operates on a full attribute definition, not
just within the attribute value.

Docs: https://gohugo.io/functions/safehtmlattr/

For `opengraph.html`, run the whole `content` HTML attribute through
`safeHTMLAttr`. That will preserve `+` signs in formatted dates.

For `vimeo_simple.html`, `safeHTMLAttr` was in the context of an
attribute value, thus having no effect. In this case we could replace it
with `safeURL`, but since the code is coming from an API it is safer to
just let Go's template engine sanitize the value as it already does with
`provider_url`.

Fixes #5236 (no need to change Go upstream)
Related to #5246
@Rarst
Copy link

Rarst commented Nov 1, 2019

I've noticed that schema template is still escaping the plus and not using safeHTMLAttr:

hugo/tpl/tplimpl/embedded/templates/schema.html

Lines 5 to 6 in c3d433a

<meta itemprop="datePublished" content="{{ .PublishDate.Format $ISO8601 | safeHTML }}" />{{ end }}
{{ if not .Lastmod.IsZero }}<meta itemprop="dateModified" content="{{ .Lastmod.Format $ISO8601 | safeHTML }}" />{{ end }}

Might have been missed?

@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Outdated
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

tpl: Fix internal templates usage of safeHTMLAttr rhcarvalho/hugo
5 participants
@bep @Rarst @FelicianoTech @akshaybabloo @rdwatters