On Sunday, 18 December 2016 11:16:23 UTC+2, mhh...@gmail.com wrote: > > Thanks a lot! I ve been playing a bit with it, for some simple cases it > worked great. > > Though, i looked into the html/template, am i correct to understand that > the html security layer consist of adding new cmds (of escaping) > on the relevant nodes ? > https://golang.org/src/html/template/escape.go#L221 > > Its all private, so i m bit concerned about how i m going to manage that. >
Yeah, there are a lot of different rules for escaping -- you can take a look at https://rawgit.com/mikesamuel/sanitized-jquery-templates/trunk/safetemplate.html for more information on sanitization. But essentially, yes, to be fully compliant, you would need to reimplement the html/template package. + Egon -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.