You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is currently no way (that I am aware of) to specify the initial escaping context
(JS or CSS, or other?) when parsing a template using html/template.
The use case where this would be useful is when treating JS or CSS files as templates.
In these cases, it would seem to make sense to be able to call Template.Parse() with an
initial escaping context, telling it to treat this as a JS (or other) file. Some
example use cases for treating JS or CSS files as templates are to inject translated
text into them (JS), or dynamically inlining images as data urls (CSS).
To work around this using the current system, you get something like this:
http://play.golang.org/p/J-21ux0gLE
As you can see, having this as a template:
//<script>
(function(){console.log("hello")})()
{{jsraw "//"}}</script>
is rather crufty.
It would make much more sense to lose the script tag trickery and instead when we parse,
do something like this:
t, err := t.Parse(jsInput, template.TypeJS)
The text was updated successfully, but these errors were encountered:
I think that a coarse-grained mechanism would be fine. JS, CSS, or HTML seems a
reasonable level of granularity.
I'm concerned that if we try to expose the whole context object publicly, then we risk
confusing users, expand the API unnecessarily, and possibly paint ourselves into a
corner should the languages change in radical ways (string templates in JS) or some
weird zero-day arrives.
The text was updated successfully, but these errors were encountered: