Code

Pug allows you to write inline JavaScript code in your templates. There are three types of code: Unbuffered, Buffered, and Unescaped Buffered.

Unbuffered Code

Unbuffered code starts with -. It does not directly add anything to the output.

Pug also supports block unbuffered code:

Buffered Code

Buffered code starts with =. It evaluates the JavaScript expression and outputs the result. For security, buffered code is first HTML escaped.

It can also be written inline with attributes, and supports the full range of JavaScript expressions:

Unescaped Buffered Code

Unescaped buffered code starts with !=. It evaluates the JavaScript expression and outputs the result. Unescaped buffered code does not perform any escaping, so is unsafe for user input:

Unescaped buffered code can also be written inline with attributes, and supports the full range of JavaScript expressions:

Caution

Unescaped buffered code can be dangerous. You must be sure to sanitize any user inputs to avoid cross-site scripting (XSS).