在模板中渲染URL RowQuery字符串 – 不同的行为

huangapple go评论89阅读模式
英文:

Go rendering URL RowQuery string in a template - different behaviours

问题

我是你的中文翻译助手,以下是你要翻译的内容:

我刚开始学习Go语言,遇到了一个非常琐碎的问题,所以想请你帮忙看看,也许有人知道为什么会出现这种情况:

我想在模板中输出URL对象的查询参数字符串,但是由于变量前面有一个"?"字符,整个输出都被URL编码了。问号在Go模板中有特殊的含义吗?

输出应该是param1=value1&value2=param2,但实际输出是param1%3dvalue1%26value2%3dparam2

在Go Playground中的示例

英文:

I 'm new to go and I got my mind stuck with something pretty trivial, so I ask for your help, maybe anyone knows why this behaviour happens:

I want to output the query params string of an url object in a template, but apparently because of the "?" char placed in front of the variable, the (whole) output is url encoded. Does question mark has a special meaning in go templates?

instead of param1=value1&value2=param2, output is param1%3dvalue1%26value2%3dparam2

Example in go playground

答案1

得分: 6

html/template包的Go文档解释了其行为(https://golang.org/pkg/html/template/):

该包使用的安全模型假设模板作者是可信任的,而Execute的数据参数则不可信。下面提供了更多详细信息。

关于这一点,你应该仔细考虑为什么你不希望Go将这种安全行为应用于你的模板。

然后,如果你确实确定不想对字符串进行转义,请使用template.URL而不是字符串:https://play.golang.org/p/kfv2tH6WDG

英文:

The Go documentation of the html/template package explains the behaviour (https://golang.org/pkg/html/template/):

> The security model used by this package assumes that template authors are trusted, while Execute's data parameter is not. More details are provided below.

The thing about this is that you should really think twice about why you don't want Go to apply this security behaviour to your template.

Then, if you're really sure you don't want to escape the string use template.URL intead of a string: https://play.golang.org/p/kfv2tH6WDG

huangapple
  • 本文由 发表于 2017年6月28日 18:34:40
  • 转载请务必保留本文链接:https://go.coder-hub.com/44800093.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定