Why am I seeing ZgotmplZ in my Go HTML template output?

When I'm calling a Go template function to output HTML, it displays ZgotmplZ.

Sample code:

http://play.golang.org/p/tfuJa_pFkm

package main

import (
	"html/template"
	"os"
)

func main() {
	funcMap := template.FuncMap{
		"printSelected": func(s string) string {
			if s == "test" {
				return `selected="selected"`
			}
			return ""
		},

		"safe": func(s string) template.HTML {
			return template.HTML(s)
		},
	}
	template.Must(template.New("Template").Funcs(funcMap).Parse(`
	<option {{ printSelected "test" }} {{ printSelected "test" | safe }} >test</option>
	`)).Execute(os.Stdout, nil)

}

Output:

<option ZgotmplZ ZgotmplZ >test</option>

"ZgotmplZ" is a special value that indicates that unsafe content reached a
CSS or URL context at runtime. The output of the example will be:

 <img src="#ZgotmplZ">

You can add a safe and attr function to the template funcMap:

package main

import (
    "html/template"
    "os"
)

func main() {
    funcMap := template.FuncMap{
	    "attr":func(s string) template.HTMLAttr{
		    return template.HTMLAttr(s)
	    },
	    "safe": func(s string) template.HTML {
		    return template.HTML(s)
	     },
    }

    template.Must(template.New("Template").Funcs(funcMap).Parse(`
    <option {{  .attr |attr }} >test</option>
        {{.html|safe}}
     `)).Execute(os.Stdout,   map[string]string{"attr":`selected="selected"`,"html":`<option selected="selected">option</option>`})
}

The output will look like:

<option selected="selected" >test</option>
<option selected="selected">option</option>

You may want to define some other functions which can convert string to template.CSS, template.JS, template.JSStr, template.URL etc.

I had similar problem with <img src="{{myfunction}}"> where myfunction return encoded image.

Finally I solved it when instead of string function return template.URL(mystring).

You are trying to output HTML in a place where template/html thinks is unsafe (for example, inside an HTML element, like this:

<option {{ printSelected }}>

I cannot find any way to convince it it is safe (including returning template.HTML instead of string); the only alternative I have found is to rewrite the template, in this example use a bool output instead:

<option {{ if printSelected }}selected{{ end }}>

package main

import (
	"html/template"
	"os"
)

type T struct {
	HTML template.HTML
	ATTR template.HTMLAttr
	URL  template.URL
	JS   template.JS
	CSS  template.CSS
}

func main() {

	data := T{
		HTML: `<div>test div</div>`,
		ATTR: `selected="selected"`,
		URL:  `https://upload.wikimedia.org/wikipedia/commons/5/53/Google_%22G%22_Logo.svg`,
		CSS:  `font-size: 15px`,
		JS:   `console.log("hello world")`,
	}

	template.Must(template.New("Template").Parse(`
		{{.HTML}}
		<option {{.ATTR}} style="{{.CSS}}">test</option>
		<script>{{.JS}}</script>
		<img src="{{.URL}}">
	`)).Execute(os.Stdout, data)
}

output

<div>test div</div>
<option selected="selected" style="font-size: 15px">test</option>
<script>console.log("hello world")</script>
<img src="https://upload.wikimedia.org/wikipedia/commons/5/53/Google_%22G%22_Logo.svg">

playground Example

easiest way:

import "html/template"
yourhref = template.URL(yourhref)

You should wrap the string in an HTMLAttr, which was designed for text that gets injected in between angle brackets. Per the documentation:

https://golang.org/pkg/html/template/#HTMLAttr

> HTMLAttr encapsulates an HTML attribute from a trusted source, for example,  dir="ltr".
>
> Use of this type presents a security risk: the encapsulated content should come from a trusted source, as it will be included verbatim in the template output.
>
>type HTMLAttr string

I was trying to insert an image from frontmatter into my template but kept getting the same error. I solved it thus:

{{ if isset .Params "image" }}
    {{ $myVar := print .Params.image }}
    <img src="{{ $myVar }}">
{{ end }}

Notice that I first save the .Params.image as a variable, and then insert it as my src.