GAE GO - html templates and data safety

Question

When displaying a webpage through the use of html templates in a Google App Engine Go application, does the passed data and/or raw template ever leave the App Engine, or just the final html output? For example, if I have a class

type Foo struct{
    Public string
    Secret string
}

and a template that only uses {{.Public}} argument, does the {{.Secret}} argument ever leave the App? Similarly, if there is a template that displays some special data if the {{.Secret}} argument is present through the use of {{if .Secret}}...{{end}}, is there any way to access that part of the html in any way when the {{.Secret}} argument is not present?

Answer 1

Score: 3


It's your Go program that parses the template. This can take place on several GAE server instances. Assuming that leaving GAE means being sent over an HTTP/S connection over the public internet, then no - the output you send is the parsed HTML template.

It's not possible to access the part after {{if .Secret}} if it's not included in the final HTML that the client receives.

What you could do, however, would be to send the template and its associated dataset encoded as gob or JSON over to your client, and let your client parse the template.
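
The following Go program is an added example, not part of the original question or answer. It renders the question's `Foo` through a constructed template and compares the server-rendered HTML with the "send template plus data as JSON" alternative, checking which one exposes `Secret` and the guarded block. The template text, sample values and function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"html/template"
	"strings"
)

// Foo is the struct from the question.
type Foo struct{ Public, Secret string }

// pageSrc is a constructed template: it prints Public and guards a block with {{if .Secret}}.
const pageSrc = `<p>{{.Public}}</p>{{if .Secret}}<div id="special">members only</div>{{end}}`

var page = template.Must(template.New("page").Parse(pageSrc))

// RenderServerSide executes the template in the app and returns exactly the
// bytes that would be written to the HTTP response.
func RenderServerSide(f Foo) (string, error) {
	var buf bytes.Buffer
	err := page.Execute(&buf, f)
	return buf.String(), err
}

// ClientSidePayload models the alternative from the answer: the raw template
// and the whole dataset are serialized and sent for the client to render.
func ClientSidePayload(f Foo) (string, error) {
	b, err := json.Marshal(map[string]interface{}{"template": pageSrc, "data": f})
	return string(b), err
}

// Leaks reports whether any (non-empty) needle appears in what is sent to the client.
func Leaks(body string, needles ...string) bool {
	for _, n := range needles {
		if strings.Contains(body, n) {
			return true
		}
	}
	return false
}

func main() {
	f := Foo{Public: "hello", Secret: "s3cr3t-token"} // constructed sample values
	html, _ := RenderServerSide(f)
	wire, _ := ClientSidePayload(f)
	fmt.Println("server-rendered leaks secret:", Leaks(html, f.Secret))
	fmt.Println("client payload leaks secret: ", Leaks(wire, f.Secret, "members only"))
}
```

With server-side rendering only the executed output crosses the wire; in the client-side variant every exported field and every template branch is visible to the client regardless of what the template displays.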

huangapple
  • Posted on September 14, 2012, 12:34:35
  • When reposting, please keep the link to this article: https://go.coder-hub.com/12418188.html