The placeholders never show up in template output. If the data is missing, the
placeholders normally just disappear; in some cases there might be an error,
depending on exactly what type of “missing.”
Andy
> On Sep 14, 2017, at 8:14 AM, Karv Prime wrote:
>
> As it would
* Karv Prime [170913 22:01]:
> It = html/template
> "The purpose" = the one I thought I could use it for and described above.
I'm still not sure you understand the capabilities of html/template.
This playground snippet might help you:
https://play.golang.org/p/_1KSiZbwh-
I still don’t understand why automatic escaping makes html/template impractical
for the purpose you were describing. Is it because the blog post would be HTML
rather than plain text? In that case, you would need to convert it to the
template.HTML type before passing it to the template, and it
On Thursday, 14 September 2017 02:40:41 UTC+3, Karv Prime wrote:
>
> Thank you for the heads up. So it is completely impractical for the needed
> purpose.
>
> In that case it would be truly bad. That's why user input should always be
> checked. Such a blogpost shouldn't even come that far. ^^
It = html/template
"The purpose" = the one I thought I could use it for and described above.
Am Donnerstag, 14. September 2017 03:58:02 UTC+2 schrieb Andy Balholm:
>
> Why does automatic escaping make html/template completely impractical? (Or
> did I guess the antecedent of “it” incorrectly?)
>
Why does automatic escaping make html/template completely impractical? (Or did
I guess the antecedent of “it” incorrectly?)
Andy
> On Sep 13, 2017, at 4:30 PM, Karv Prime wrote:
>
> Thank you for the heads up. So it is completely impractical for the needed
> purpose.
>
Thank you for the heads up. So it is completely impractical for the needed
purpose.
In that case it would be truly bad. That's why user input should always be
checked. Such a blogpost shouldn't even come that far. ^^ Either it's
escaped before it gets to the database (not truly necessary due
You may not be aware that the html/template package does automatic escaping. So
if a template has {{.Blogpost}} and
Blogpost contains alert(“Pwned”), the result will be something
like scriptalert(Pwned)/script
Assigning to the div’s innerHTML would be bad in this case, but appending a
text
It sounds like what you’re wanting to do is basically what is called Template
Animation at
http://www.workingsoftware.com.au/page/Your_templating_engine_sucks_and_everything_you_have_ever_written_is_spaghetti_code_yes_you