英文:
Go rendering URL RowQuery string in a template - different behaviours
问题
我是你的中文翻译助手,以下是你要翻译的内容:
我刚开始学习Go语言,遇到了一个非常琐碎的问题,所以想请你帮忙看看,也许有人知道为什么会出现这种情况:
我想在模板中输出URL对象的查询参数字符串,但是由于变量前面有一个"?"字符,整个输出都被URL编码了。问号在Go模板中有特殊的含义吗?
输出应该是param1=value1&value2=param2,但实际输出是param1%3dvalue1%26value2%3dparam2。
英文:
I 'm new to go and I got my mind stuck with something pretty trivial, so I ask for your help, maybe anyone knows why this behaviour happens:
I want to output the query params string of an url object in a template, but apparently because of the "?" char placed in front of the variable, the (whole) output is url encoded. Does question mark has a special meaning in go templates?
instead of param1=value1&value2=param2, output is param1%3dvalue1%26value2%3dparam2
Example in go playground
答案1
得分: 6
html/template包的Go文档解释了其行为(https://golang.org/pkg/html/template/):
该包使用的安全模型假设模板作者是可信任的,而Execute的数据参数则不可信。下面提供了更多详细信息。
关于这一点,你应该仔细考虑为什么你不希望Go将这种安全行为应用于你的模板。
然后,如果你确实确定不想对字符串进行转义,请使用template.URL而不是字符串:https://play.golang.org/p/kfv2tH6WDG
英文:
The Go documentation of the html/template package explains the behaviour (https://golang.org/pkg/html/template/):
> The security model used by this package assumes that template authors are trusted, while Execute's data parameter is not. More details are provided below.
The thing about this is that you should really think twice about why you don't want Go to apply this security behaviour to your template.
Then, if you're really sure you don't want to escape the string use template.URL intead of a string: https://play.golang.org/p/kfv2tH6WDG
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论