英文:
Execute template without quotes in golang
问题
我想使用noescape
和无引号的方式执行模板,但是目前不支持noescape
。
有什么建议吗?还是我需要使用另一个模板引擎?谢谢!
代码在这里:http://play.golang.org/p/R-Ib5H9bXx
英文:
I'd like to execute template with noescape
and no quotes, but noescape
is not supported now.
Any suggestion or do I have to use another template engine? Thank you!
Code here: http://play.golang.org/p/R-Ib5H9bXx
答案1
得分: 4
你被鼓励将安全的JavaScript代码存储在类型**template.JS
**中:
> type JS string
>
> JS封装了一个已知安全的EcmaScript5表达式,例如(x + y * z())
。模板作者有责任确保类型化的表达式不会破坏预期的优先级,并且没有语句/表达式的歧义,例如传递一个表达式“{ foo: bar() }\n'foo'”,它既是一个有效的表达式,也是一个具有完全不同含义的有效程序。
所以,你需要对你的代码做唯一的更改:
type Var struct {
Name template.JS
Value template.JS
}
英文:
You are encouraged to store safe Javascript in the type template.JS
:
> type JS string
>
> JS encapsulates a known safe EcmaScript5 Expression,
> for example, (x + y * z())
. Template authors are responsible for
> ensuring that typed expressions do not break the intended precedence
> and that there is no statement/expression ambiguity as when passing an
> expression like "{ foo: bar() }\n'foo'", which is both a valid
> Expression and a valid Program with a very different meaning.
So, the only change you need to do to your code is:
type Var struct {
Name template.JS
Value template.JS
}
答案2
得分: 0
@ANisus的回答中还有一个小的补充。对于HTML(和CSS),也有一个类似的包装器。每当你尝试将HTML字符串传递到模板中时,它会被引用。因此,为了正确呈现安全的HTML,请使用以下代码:
yourHTML := "<strong>Hi!</strong>"
yourWrappedHTML := template.HTML(yourHTML)
// 将后者传递到你的模板中
英文:
A small addition to @ANisus answer. There is also a similar wrapper for HTML (and CSS). Whenever you try to pass an HTML string into a template, it gets quoted. So in order to render the safe HTML properly, use:
yourHTML := "<strong>Hi!</strong>"
yourWrappedHTML := template.HTML(yourHTML)
// pass the later into your template
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论