Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-14 Thread Andy Balholm
The placeholders never show up in template output. If the data is missing, the placeholders normally just disappear; in some cases there might be an error, depending on exactly what type of “missing.”

Andy

> On Sep 14, 2017, at 8:14 AM, Karv Prime wrote:
>
> As it would

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-14 Thread Marvin Renich
* Karv Prime [170913 22:01]:
> It = html/template
> "The purpose" = the one I thought I could use it for and described above.

I'm still not sure you understand the capabilities of html/template. This playground snippet might help you: https://play.golang.org/p/_1KSiZbwh-

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-14 Thread Andy Balholm
I still don’t understand why automatic escaping makes html/template impractical for the purpose you were describing. Is it because the blog post would be HTML rather than plain text? In that case, you would need to convert it to the template.HTML type before passing it to the template, and it

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-13 Thread Egon
On Thursday, 14 September 2017 02:40:41 UTC+3, Karv Prime wrote:
>
> Thank you for the heads up. So it is completely impractical for the needed purpose.
>
> In that case it would be truly bad. That's why user input should always be checked. Such a blogpost shouldn't even come that far. ^^

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-13 Thread Karv Prime
It = html/template
"The purpose" = the one I thought I could use it for and described above.

On Thursday, 14 September 2017 03:58:02 UTC+2, Andy Balholm wrote:
>
> Why does automatic escaping make html/template completely impractical? (Or did I guess the antecedent of “it” incorrectly?)
>

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-13 Thread Andy Balholm
Why does automatic escaping make html/template completely impractical? (Or did I guess the antecedent of “it” incorrectly?)

Andy

> On Sep 13, 2017, at 4:30 PM, Karv Prime wrote:
>
> Thank you for the heads up. So it is completely impractical for the needed purpose.
>

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-13 Thread Karv Prime
Thank you for the heads up. So it is completely impractical for the needed purpose. In that case it would be truly bad. That's why user input should always be checked. Such a blogpost shouldn't even come that far. ^^ Either it's escaped before it gets to the database (not truly necessary due

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-13 Thread Andy Balholm
You may not be aware that the html/template package does automatic escaping. So if a template has {{.Blogpost}} and Blogpost contains <script>alert(“Pwned”)</script>, the result will be something like

&lt;script&gt;alert(&#34;Pwned&#34;)&lt;/script&gt;

Assigning to the div’s innerHTML would be bad in this case, but appending a text

Re: [go-nuts] "html/dom" alternative to html/template for true separation of concerns?

2017-09-13 Thread Andy Balholm
It sounds like what you’re wanting to do is basically what is called Template Animation at http://www.workingsoftware.com.au/page/Your_templating_engine_sucks_and_everything_you_have_ever_written_is_spaghetti_code_yes_you