replacements.html

This template file from the module hugo-mod-replacements contains the regular expressions for all replacement codes.

There has been a clarifying discussion if this template may open a loophole for script attacks. I couldn’t see it myself at first, but the bottom line is simply: No.

Goldmark discards all HTML in the Markdown and also in the replacement codes with the default setting unsafe: false. These regular expressions are applied to the rendered Markdown, which gets cleared of all HTML tags before it’s transformed into HTML itself.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
{{
.
| replaceRE `\{\^([^\}]*)\}` "<sup>$1</sup>"
| replaceRE `\{\_([^\}]*)\}` "<sub>$1</sub>"
| replaceRE `\{\~([^\}]*)\}` "<kbd>$1</kbd>"
| replaceRE `\{\!([^\}]*)\}` "<mark>$1</mark>"
| replaceRE `\{\=([^\}]*)\}` "<cite>$1</cite>"
| replaceRE `\{\+([^\}]*)\}` "<ins>$1</ins>"
| replaceRE `\{\$([^\}]*)\}` "<var>$1</var>"
| replaceRE `\{s\s([^\}]*)\}` "<small>$1</small>"
| replaceRE `\{r\s([^\}]*)\}` "<span style='float: right;'>$1</span>"
| replaceRE `\{([a-z]{2})\s([^\}]*)\}` "<span lang='$1'>$2</span>"
| replaceRE `\{\/\}` "&puncsp;<br class='br-cond'>"
| replaceRE `\{w\}` "<wbr>"
| replaceRE `\s?( — |&mdash;)\s?` "  —  "
| replaceRE `(<p[^>]*>|<li[^>]*>)([“«»„])` "$1<span class='hang-quote'>$2</span>"
| safeHTML
}}

replacements.html

Hugo Module
for HTML inline tags missing in Goldmark

Inline

Stand-alone Images

The Beauty of Marginal Notes

See Also