Closed DannyJJK closed 6 months ago
templ follows the lead of Hugo here: https://gohugo.io/functions/safe/url/ which only allows those schemes. There was a similar issue in Hugo's repo that got closed. https://github.com/gohugoio/hugo/issues/5721
However, Wordpress has a much richer set: https://developer.wordpress.org/reference/functions/wp_allowed_protocols/
While Google's SafeHTML only blocks javascript
URLs: https://github.com/google/safehtml/blob/be23134998433fcf0135dda53593fc8f8bf4df7c/url.go#L123
I originally went with the most restrictive of the set to be safe, but after this further research, I'm happy to add tel
, ftp
and ftps
.
I'd take a PR for that if you want to contribute.
The code is here: https://github.com/a-h/templ/blob/dbbb53b6a378691d8948c0dad7e8919f28d16f9d/runtime.go#L470-L478
templ: v0.2.648
Currently trying to use this:
templ.URL("tel:" + phoneNumber)
results in:
about:invalid#TemplFailedSanitizationURL
I think this is because it only allows
http
,https
andmailto
, but I thinktel
should be added to this list. It's likemailto
but for telephone numbers, so it will open up a phone application.