ref: cb39847dee488c373dd5bc2a3706385342a59355
dir: /content/en/functions/safeJS.md/
--- title: safeJS # linktitle: description: Declares the provided string as a known safe JavaScript string. godocref: https://golang.org/src/html/template/content.go?s=2548:2557#L51 date: 2017-02-01 publishdate: 2017-02-01 lastmod: 2017-02-01 categories: [functions] menu: docs: parent: "functions" keywords: [strings] signature: ["safeJS INPUT"] workson: [] hugoversion: relatedfuncs: [] deprecated: false draft: false aliases: [] --- In this context, *safe* means the string encapsulates a known safe EcmaScript5 Expression (e.g., `(x + y * z())`). Template authors are responsible for ensuring that typed expressions do not break the intended precedence and that there is no statement/expression ambiguity as when passing an expression like `{ foo:bar() }\n['foo']()`, which is both a valid expression and a valid program with a very different meaning. Example: Given `hash = "619c16f"` defined in the front matter of your `.md` file: * <span class="good">`<script>var form_{{ .Params.hash | safeJS }};…</script>` → `<script>var form_619c16f;…</script>`</span> * <span class="bad">`<script>var form_{{ .Params.hash }};…</script>` → `<script>var form_"619c16f";…</script>`</span>