在Go中解析未转义的HTML为HTML模板

huangapple go评论83阅读模式
英文:

Parsing unescaped HTML to HTML template in Go

问题

我已经为测试创建了这个非常简单的程序。

package main

import (
	"fmt"
	"github.com/microcosm-cc/bluemonday"
	"github.com/pressly/chi"
	"github.com/russross/blackfriday"
	"github.com/unrolled/render"
	"net/http"
)

func main() {
	r := chi.NewRouter()
	r.Get("/", homepageGET)
	http.ListenAndServe(":8080", r)
}

func homepageGET(w http.ResponseWriter, r *http.Request) {
	Renderer := render.New(render.Options{
		Directory:    "frontend",
		Extensions:   []string{".tmpl", ".html"},
		UnEscapeHTML: true,
	})
	unsafe := blackfriday.MarkdownCommon([]byte("**bolded text**"))
	markdownContent := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
	fmt.Print(string(markdownContent))
	Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
		"content": fmt.Sprintf(string(markdownContent))})
}

然后,我有一个只包含以下内容的HTML文件:

<body>
  {{ .content }}
</body>

fmt.Print命令打印出"<p><strong>bolded text</strong></p>",但它被插入到HTML页面中为"&lt;p&gt;&lt;strong&gt;bolded text&lt;/strong&gt;&lt;/p&gt;"。

我认为这与转义的HTML有关,但对于unrolled/render包,我将其配置为不转义。我非常感谢任何帮助使测试程序正常工作(最好与unrolled/render一起)。

英文:

I have created this really simple program for testing.

package main

import (
	&quot;fmt&quot;
	&quot;github.com/microcosm-cc/bluemonday&quot;
	&quot;github.com/pressly/chi&quot;
	&quot;github.com/russross/blackfriday&quot;
	&quot;github.com/unrolled/render&quot;
	&quot;net/http&quot;
)

func main() {
	r := chi.NewRouter()
	r.Get(&quot;/&quot;, homepageGET)
	http.ListenAndServe(&quot;:8080&quot;, r)
}

func homepageGET(w http.ResponseWriter, r *http.Request) {
	Renderer := render.New(render.Options{
		Directory:    &quot;frontend&quot;,
		Extensions:   []string{&quot;.tmpl&quot;, &quot;.html&quot;},
		UnEscapeHTML: true,
	})
	unsafe := blackfriday.MarkdownCommon([]byte(&quot;**bolded text**&quot;))
	markdownContent := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
	fmt.Print(string(markdownContent))
	Renderer.HTML(w, http.StatusOK, &quot;index&quot;, map[string]interface{}{
		&quot;content&quot;: fmt.Sprintf(string(markdownContent))})
}

And then I have a HTML file containing nothing besides:

&lt;body&gt;
  {{ .content }}
&lt;/body&gt;

The fmt.Print command prints "&lt;p&gt;&lt;strong&gt;bolded text&lt;/strong&gt;&lt;/p&gt;", whereas it's inserted into the HTML page as: "&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;bolded text&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;".

I believe it is related to escaped HTML, but for the unrolled/render package I configure it as unescaped.. I'd greatly appreciate any help getting the test program working (preferably together with unrolled/render).

答案1

得分: 10

在Go语言中,你可以将已知安全的HTML字符串转换为template.HTML类型,并且由于unrolled/render使用Go的html/template来渲染HTML,所以你应该只需要使用这个。

Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
    "content": template.HTML(markdownContent),
})
英文:

In Go you can convert known safe html strings to the template.HTML type, and since unrolled/render uses Go's html/template to render html you should be able to use just that.

Renderer.HTML(w, http.StatusOK, &quot;index&quot;, map[string]interface{}{
        &quot;content&quot;: template.HTML(markdownContent),
})

huangapple
  • 本文由 发表于 2017年4月18日 04:08:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/43458824.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定