Skip to main content

Attributes

Constant attributes

templ elements can have HTML attributes that use the double quote character ".

templ component() {
  <p data-testid="paragraph">Text</p>
}
Output
<p data-testid="paragraph">Text</p>

String expression attributes

Element attributes can be set to Go strings.

templ component(testID string) {
  <p data-testid={ testID }>Text</p>
}

templ page() {
  @component("testid-123")
}

Rendering the page component results in:

Output
<p data-testid="testid-123">Text</p>
note

String values are automatically HTML attribute encoded. This is a security measure, but may make the values (especially JSON appear) look strange to you, since some characters may be converted into HTML entities. However, it is correct HTML and won't affect the behavior.

It's also possible to use function calls in string attribute expressions.

Here's a function that returns a string based on a boolean input.

func testID(isTrue bool) string {
    if isTrue {
        return "testid-123"
    }
    return "testid-456"
}
templ component() {
  <p data-testid={ testID(true) }>Text</p>
}

The result:

Output
<p data-testid="testid-123">Text</p>

Functions in string attribute expressions can also return errors.

func testID(isTrue bool) (string, error) {
    if isTrue {
        return "testid-123", nil
    }
    return "", fmt.Errorf("isTrue is false")
}

If the function returns an error, the Render method will return the error along with its location.

Boolean attributes

Boolean attributes (see https://html.spec.whatwg.org/multipage/common-microsyntaxes.html#boolean-attributes) where the presence of an attribute name without a value means true, and the attribute name not being present means false are supported.

templ component() {
  <hr noshade/>
}
Output
<hr noshade>
note

templ is aware that <hr/> is a void element, and renders <hr> instead.

To set boolean attributes using variables or template parameters, a question mark after the attribute name is used to denote that the attribute is boolean.

templ component() {
  <hr noshade?={ false } />
}
Output
<hr>

Conditional attributes

Use an if statement within a templ element to optionally add attributes to elements.

templ component() {
  <hr style="padding: 10px"
    if true {
      class="itIsTrue"
    }
  />
}
Output
<hr style="padding: 10px" class="itIsTrue" />

Attribute key expressions

Use a string expression to dynamically set the key of an attribute.

templ paragraph(testID string) {
  <p { "data-" + testID }="paragraph">Text</p>
}

templ component() {
  @paragraph("testid")
}
Output
<p data-testid="paragraph">Text</p>
warning

Currently, attribute types with special handling like href, onClick, and on* are not handled differently when defined with an expression key. So if you use a string expression to set the key of an attribute, it will be treated as a normal string attribute, without type specific escaping.

Spread attributes

Use the { attrMap... } syntax in the open tag of an element to append a dynamic map of attributes to the element's attributes.

It's possible to spread any variable of type templ.Attributes. templ.Attributes is a map[string]any type definition.

  • If the value is a string, the attribute is added with the string value, e.g. <div name="value">.
  • If the value is a bool, the attribute is added as a boolean attribute if the value is true, e.g. <div name>.
  • If the value is a templ.KeyValue[string, bool], the attribute is added if the boolean is true, e.g. <div name="value">.
  • If the value is a templ.KeyValue[bool, bool], the attribute is added if both boolean values are true, as <div name>.
templ component(shouldBeUsed bool, attrs templ.Attributes) {
  <p { attrs... }>Text</p>
  <hr
    if shouldBeUsed {
      { attrs... }
    }
  />
}

templ usage() {
  @component(false, templ.Attributes{"data-testid": "paragraph"}) 
}
Output
<p data-testid="paragraph">Text</p>
<hr>

URL attributes

Attributes that expect a URL, such as <a href={ url }>, <form action={ url }>, or <img src={ url }>, have special behavior if you use a dynamic value.

templ component(p Person) {
  <a href={ p.URL }>{ strings.ToUpper(p.Name) }</a>
}

When you pass a string to these attributes, templ will automatically sanitize the input URL, ensuring that the protocol is safe (e.g., http, https, or mailto) and does not contain potentially harmful protocols like javascript:.

caution

To bypass URL sanitization, you can use templ.SafeURL(myURL) to mark that your string is safe to use.

This may introduce security vulnerabilities to your program.

If you use a constant value, e.g. <a href="javascript:alert('hello')">, templ will not modify it, and it will be rendered as is.

tip

Non-standard HTML attributes can contain URLs, for example HTMX's hx-* attributes).

To sanitize URLs in that context, use the templ.URL(urlString) function.

templ component(contact model.Contact) {
  <div hx-get={ templ.URL(fmt.Sprintf("/contacts/%s/email", contact.ID)) }>
    { contact.Name }
  </div>
}
note

In templ, all attributes are HTML-escaped. This means that:

  • & characters in the URL are escaped to &amp;.
  • " characters are escaped to &quot;.
  • ' characters are escaped to &#39;.

This done to prevent XSS attacks. For example, without escaping, if a string contained http://google.com" onclick="alert('hello')", the browser would interpret this as a URL followed by an onclick attribute, which would execute JavaScript code.

The escaping does not change the URL's functionality.

Sanitization is the process of examining the URL scheme (protocol) and structure to ensure that it's safe to use, e.g. that it doesn't contain javascript: or other potentially harmful schemes. If a URL is not safe, templ will replace the URL with about:invalid#TemplFailedSanitizationURL.

JavaScript attributes

onClick and other on* handlers have special behaviour, they expect a reference to a script template.

info

This ensures that any client-side JavaScript that is required for a component to function is only emitted once, that script name collisions are not possible, and that script input parameters are properly sanitized.

script withParameters(a string, b string, c int) {
	console.log(a, b, c);
}

script withoutParameters() {
	alert("hello");
}

templ Button(text string) {
	<button onClick={ withParameters("test", text, 123) } onMouseover={ withoutParameters() } type="button">{ text }</button>
}
Output
<script>
 function __templ_withParameters_1056(a, b, c){console.log(a, b, c);}function __templ_withoutParameters_6bbf(){alert("hello");}
</script>
<button onclick="__templ_withParameters_1056("test","Say hello",123)" onmouseover="__templ_withoutParameters_6bbf()" type="button">
 Say hello
</button>

CSS attributes

CSS handling is discussed in detail in CSS style management.

JSON attributes

To set an attribute's value to a JSON string (e.g. for HTMX's hx-vals or Alpine's x-data), serialize the value to a string using a function.

func countriesJSON() string {
	countries := []string{"Czech Republic", "Slovakia", "United Kingdom", "Germany", "Austria", "Slovenia"}
	bytes, _ := json.Marshal(countries)
	return string(bytes)
}
templ SearchBox() {
	<search-webcomponent suggestions={ countriesJSON() } />
}