Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: x/net/html: add RawNode #36350

Closed
MagicalTux opened this issue Jan 1, 2020 · 5 comments
Closed

proposal: x/net/html: add RawNode #36350

MagicalTux opened this issue Jan 1, 2020 · 5 comments
Labels
FeatureRequest FrozenDueToAge Proposal
Milestone
Unreleased

Comments

@MagicalTux
Copy link

MagicalTux commented Jan 1, 2020
edited

html raw nodes

Sometimes there is a need after parsing HTML to insert more html contents without having to parse the added contents (for example, server side rendering of HTML code).

It should be fairly simple to add the following to x/net/html:

  • New NodeType called RawNode.
  • In Render, add a case RawNode that just calls WriteString, without any escaping.
        case RawNode:
                _, err := w.WriteString(n.Data)
                return err

(I looked at submitting a pull request, but it's just too much hassle going through gerrit for 4 lines of code)

current situation

Right now the easiest way to add raw html is through a CommentNode by including tags to end and resume comment, but this is not optimal. Adding a RawNode NodeType wouldn't have any negative impact and would allow adding raw html prior to rendering of contents for cases when HTML is obtained as is and doesn't need to be parsed.
@gopherbot gopherbot added this to the Unreleased milestone Jan 1, 2020
@smasher164 smasher164 changed the title x/net/html: html raw node feature request proposal: x/net/html: add RawNode Jan 1, 2020
@smasher164
Copy link
Member

/cc @nigeltao @namusyaka

@nigeltao
Copy link
Contributor

I'm not keen on using golang.org/x/net/html for server-side rendering. Use the standard library's html/template instead. Yes, the former has nodes and the latter is text based, but the latter is explicitly designed to render HTML securely.

@MagicalTux
Copy link
Author

We have reasons why html/template is not appropriate because it is made to render HTML securely, why we need to render HTML that has already been made secure by the underlying libraries (ie. react-dom, etc). Also, ideally we'd like to keep source files as generated automatically and not have to build specific versions for html/template, hence making golang.org/x/net/html a better bet.

Right now the way we render things is (for example):

        div.AppendChild(&html.Node{
                Type: html.CommentNode,
                Data: " begin app -->" + app + "<!-- end app ",
        })

This works fine, but I feel implementing a html.RawNode would cost virtually nothing and help for cases when people using golang.org/x/net/html want to insert pre-generated HTML, in a similar way to how json has json.RawMessage.

@gopherbot
Copy link

Change https://golang.org/cl/216800 mentions this issue: html: add the RawNode NodeType

@nigeltao
Copy link
Contributor

I was concerned about security implications, but you're right that we can already render arbitrary (insecure) HTML with a CommentNode.

Let's do this: https://golang.org/cl/216800

@golang golang locked and limited conversation to collaborators Feb 1, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FeatureRequest FrozenDueToAge Proposal
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@MagicalTux @nigeltao @gopherbot @smasher164