html/template: Some characters cannot be used in the template. #65289

Closed
k-takeuchi220 opened this issue Jan 25, 2024 · 1 comment

k-takeuchi220 commented Jan 25, 2024

Go version

go version go1.21.1 darwin/arm64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/ktake/Library/Caches/go-build'
GOENV='/Users/ktake/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/ktake/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/ktake/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.21.1'
GCCGO='gccgo'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK='/Users/ktake/proj/roguelike/roguelike-fe/go.work'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/tt/d8rpr28j4_jdcs23zjgg9ksw0000gn/T/go-build1958759893=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

https://go.dev/play/p/W18cUafkh69

What did you see happen?

< is replaced by &lt; and other special characters are output as they are.

What did you expect to see?

I would expect < to be output in the same way as other special characters (>"'& etc.).
This may seem like normal behavior. I was unsure whether to report it as an issue, but I would be happy to receive an answer if it is indeed normal.

Member

Jorropo commented Jan 25, 2024

This works as intended; it's escaping characters to avoid XSS vulnerabilities and other tag injections. < is a special character in HTML and &lt; is its escape sequence that makes the browser understand you really meant < as text.

If you don't want this feature, text/template doesn't do this: https://go.dev/play/p/p7bt7OM_zwj
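Added example, not part of the issue thread and not the code behind either playground link: the same template source parsed by html/template and by text/template, showing how literal template text and an untrusted data value are each handled. The template string, the input value and the function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltpl "html/template"
	"io"
	texttpl "text/template"
)

// Constructed template source: literal special characters in the template
// text, followed by an action that prints the data value.
const src = `1 < 2 > 0 & "x" 'y' | {{.}}`

// Constructed untrusted input, as it might arrive from a form field.
const untrusted = `<b>"&'`

// executor is satisfied by both *html/template.Template and *text/template.Template.
type executor interface {
	Execute(w io.Writer, data any) error
}

func render(t executor, data any) string {
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		panic(err)
	}
	return buf.String()
}

// RenderHTML uses html/template: the data value is escaped for the HTML text
// context, and a literal '<' that does not start a tag is rewritten to &lt;.
func RenderHTML(data any) string {
	return render(htmltpl.Must(htmltpl.New("h").Parse(src)), data)
}

// RenderText uses text/template: nothing is escaped.
func RenderText(data any) string {
	return render(texttpl.Must(texttpl.New("t").Parse(src)), data)
}

func main() {
	fmt.Println("html/template:", RenderHTML(untrusted))
	fmt.Println("text/template:", RenderText(untrusted))
	// template.HTML marks a value as trusted markup, so it is emitted verbatim.
	fmt.Println("trusted HTML: ", RenderHTML(htmltpl.HTML(untrusted)))
}
```

In the html/template output only the literal `<` in the template text changes, while every special character in the data value is escaped; `template.HTML` should wrap only markup the application itself produced.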
