tpl: Enable safeHTMLAttr

See #2234 and #347

diff --git a/docs/content/templates/functions.md b/docs/content/templates/functions.md
index 7b6e0a3ee97c2ad41d9cbba8f01f40c6e1acea1d..84767b2247746342b2963a633391d772a9d27675 100644 (file)
--- a/docs/content/templates/functions.md
+++ b/docs/content/templates/functions.md
@@ -546,7 +546,6 @@ rendering the whole string as plain-text like this:
 <p>© 2015 Jane Doe.  &lt;a href=&#34;http://creativecommons.org/licenses/by/4.0/&#34;&gt;Some rights reserved&lt;/a&gt;.</p>
 </blockquote>
 
-<!--
 ### safeHTMLAttr
 Declares the provided string as a "safe" HTML attribute
 from a trusted source, for example, ` dir="ltr"`,
@@ -560,8 +559,6 @@ Example: Given a site-wide `config.toml` that contains this menu entry:
 
 * `<a href="{{ .URL }}">` ⇒ `<a href="#ZgotmplZ">` (Bad!)
 * `<a {{ printf "href=%q" .URL | safeHTMLAttr }}>` ⇒ `<a href="irc://irc.freenode.net/#golang">` (Good!)
--->
-
 
 ### safeCSS
 Declares the provided string as a known "safe" CSS string

diff --git a/tpl/template_funcs.go b/tpl/template_funcs.go
index 80ecdfe0c171f45f3cee1938aa30751335194751..db785cbc01907274beb0c60a55cf3f38e794cf03 100644 (file)
--- a/tpl/template_funcs.go
+++ b/tpl/template_funcs.go
@@ -1576,9 +1576,6 @@ func readDirFromWorkingDir(i interface{}) ([]os.FileInfo, error) {
 }
 
 // safeHTMLAttr returns a given string as html/template HTMLAttr content.
-//
-// safeHTMLAttr is currently disabled, pending further discussion
-// on its use case.  2015-01-19
 func safeHTMLAttr(a interface{}) template.HTMLAttr {
        return template.HTMLAttr(cast.ToString(a))
 }
@@ -1806,6 +1803,7 @@ func init() {
                "replaceRE":    replaceRE,
                "safeCSS":      safeCSS,
                "safeHTML":     safeHTML,
+               "safeHTMLAttr": safeHTMLAttr,
                "safeJS":       safeJS,
                "safeURL":      safeURL,
                "sanitizeURL":  helpers.SanitizeURL,