英文:
Whitelist tags exempt from escaping using Go's html/template
问题
将一个[]byte传递到模板中,作为一个论坛式Web应用程序中消息帖子的正文。在模板中,调用一个方法将其转换为字符串,并在此过程中,将所有换行符替换为换行符:
<p>{{.BodyString}}</p>
...
func (p *Post) BodyString() string {
nl := regexp.MustCompile(`\n`)
return nl.ReplaceAllString(string(p.Body), `<br>`)
}
最终结果如下:
paragraphs <br> <br>in <br> <br>this <br> <br>post
我不想使用HTML(p.Body)将整个帖子传递进去,因为它代表来自潜在不可信源的第三方数据。是否有一种方法可以使用原始的Go1模板包仅允许某些标签进行格式化?
英文:
Pass a []byte into a template as the body of a message post on a forum-style web app. In the template, call a method to convert to string and along the way, switch out all newlines for line breaks:
<p>{{.BodyString}}</p>
...
func (p *Post) BodyString() string {
nl := regexp.MustCompile(`\n`)
return nl.ReplaceAllString(string(p.Body), `<br>`)
}
What you'll end up with:
paragraphs <br> <br>in <br> <br>this <br> <br>post
I don't want to pass the entire post in with HTML(p.Body), as it represents third party data from potentially untrustworthy sources. Is there a way to whitelist only some tags for formatting purposes using the vanilla Go1 template package?
答案1
得分: 2
我确实认为你想解析HTML。exp/html中的HTML解析器被认为是不完整的,因此在Go 1中被移除了,尽管exp树仍然在Go源代码树中,并且可以通过每周标签进行访问,例如。我不知道具体缺少什么。我曾经用它来完成一个简单的任务,满足了我的需求。
当然,还要检查仪表板并查看相关的SO帖子,https://stackoverflow.com/questions/9986329/any-smart-method-to-get-exp-html-back-after-go1/,主要是为了推荐http://code.google.com/p/go-html-transform/。
英文:
I do think you want to parse the HTML. The HTML parser in exp/html was deemed incomplete and so removed from Go 1, although the exp tree is still in the Go source tree and can be accessed by weekly tag, for example. I don't know exactly what is incomplete. I used it for a simple task once and it met my needs.
Also of course, check the dashboard and see related SO post, https://stackoverflow.com/questions/9986329/any-smart-method-to-get-exp-html-back-after-go1/, mostly for the recomendation of http://code.google.com/p/go-html-transform/
答案2
得分: 1
我很抱歉,模板包无法提供太多帮助。如果您想要删除特定的(黑名单)标签(或者是这些标签包围的子树),或者只允许通过特定的标签(白名单),那么我认为除了解析和重写HTML AST之外,可能没有更好的解决方案。也就是说,我们可以在某些地方看到一些疯狂的正则表达式试图做同样的事情,但我不认为那是一个“好的解决方案”,而且我怀疑它们在符合规范的HTML的一般情况下是否能够成为一个“正确”的解决方案,包括一些合法的不规则性,因为它可能被排除在正则语法类别问题之外。
英文:
I'm affraid the template package cannot help with this too much. If you want to remove specific (black-listed) tags (resp. the sub-tree enclosed by such tags) or allow to pass only specific tags (white-listed) then I think probably nothing less than parsing and rewriting the html AST can be a good solution. That said, one can see here and there some crazy REs trying to do the same, but I don't consider that a "good solution" and I doubt they can be a "correct" solution in the general case of a specs conforming HTML, including several legal irregularities, as it is probably ruled out of a regular grammar category problem.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论