Code

Pug makes it possible to write inline JavaScript code in your templates. There are three types of code.

Unbuffered Code

Unbuffered code starts with - and does not add any output directly, e.g.

Pug also supports block unbuffered code:

Buffered Code

Buffered code starts with = and outputs the result of evaluating the JavaScript expression in the template. For security, it is first HTML-escaped:

It can also be written inline with attributes, and supports the full range of JavaScript expressions:

Unescaped Buffered Code

Unescaped buffered code starts with != and outputs the result of evaluating the JavaScript expression in the template. It does not do any escaping, so it is not safe for user input:

It can also be written inline with attributes, and supports the full range of JavaScript expressions:

Caution

Unescaped buffered code can be dangerous. You must be sure to sanitize any user inputs to avoid cross-site scripting (XSS).
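
The following is an added example, not code from the Pug documentation or project. It models what = and != emit for the same constructed input, then scans a constructed template for lines that use != so they can be reviewed. The function names, the sample template and the escapeHtml stand-in (assumed to cover the characters " & < >) are assumptions made for illustration.

```javascript
// Added example, not Pug's own code.
// escapeHtml is a local stand-in for the escaping applied by buffered code (=);
// assumption: it covers the four characters " & < >.
function escapeHtml(value) {
  const map = { '"': '&quot;', '&': '&amp;', '<': '&lt;', '>': '&gt;' };
  return String(value).replace(/["&<>]/g, (ch) => map[ch]);
}

// Models what `p= value` (escaped) and `p!= value` (unescaped) emit.
function renderParagraph(value, escaped) {
  return '<p>' + (escaped ? escapeHtml(value) : String(value)) + '</p>';
}

// Line-based heuristic: report template lines that use `!=` as buffered code.
// Lines of unbuffered code (-) and comments (//) are skipped so that the
// JavaScript inequality operator is not reported. Findings are for review.
function findUnescapedBufferedCode(source) {
  // Optional tag/#id/.class prefix, optional attribute list, then `!=`.
  const unescaped = /^[\w#.:-]*(\([^)]*\))?!=/;
  const findings = [];
  source.split(/\r?\n/).forEach((raw, index) => {
    const text = raw.trim();
    if (text.startsWith('-') || text.startsWith('//')) return;
    if (unescaped.test(text)) findings.push({ line: index + 1, text });
  });
  return findings;
}

// Constructed sample template and constructed user input.
const sampleTemplate = [
  'h1= title',
  '- if (a != b) count++',
  'p!= comment',
  '.bio',
  '  != profile.bio',
  'p= a != b',
].join('\n');
const userComment = '<script>alert("xss")</script>';

console.log(renderParagraph(userComment, true));
console.log(renderParagraph(userComment, false));
console.log(findUnescapedBufferedCode(sampleTemplate));
```

The scan is a review aid: it does not parse Pug, so expressions inside block unbuffered code or plain-text blocks can produce false positives.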