125 lines
2.7 KiB
Go
125 lines
2.7 KiB
Go
|
// Copyright 2015 The Go Authors. All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style
|
||
|
// license that can be found in the LICENSE file.
|
||
|
|
||
|
// +build ignore
|
||
|
|
||
|
package template_test
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"html/template"
|
||
|
"log"
|
||
|
"os"
|
||
|
)
|
||
|
|
||
|
func Example() {
|
||
|
const tpl = `
|
||
|
<!DOCTYPE html>
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta charset="UTF-8">
|
||
|
<title>{{.Title}}</title>
|
||
|
</head>
|
||
|
<body>
|
||
|
{{range .Items}}<div>{{ . }}</div>{{else}}<div><strong>no rows</strong></div>{{end}}
|
||
|
</body>
|
||
|
</html>`
|
||
|
|
||
|
check := func(err error) {
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
}
|
||
|
t, err := template.New("webpage").Parse(tpl)
|
||
|
|
||
|
data := struct {
|
||
|
Title string
|
||
|
Items []string
|
||
|
}{
|
||
|
Title: "My page",
|
||
|
Items: []string{
|
||
|
"My photos",
|
||
|
"My blog",
|
||
|
},
|
||
|
}
|
||
|
|
||
|
err = t.Execute(os.Stdout, data)
|
||
|
check(err)
|
||
|
|
||
|
noItems := struct {
|
||
|
Title string
|
||
|
Items []string
|
||
|
}{
|
||
|
Title: "My another page",
|
||
|
Items: []string{},
|
||
|
}
|
||
|
|
||
|
err = t.Execute(os.Stdout, noItems)
|
||
|
check(err)
|
||
|
|
||
|
// Output:
|
||
|
// <!DOCTYPE html>
|
||
|
// <html>
|
||
|
// <head>
|
||
|
// <meta charset="UTF-8">
|
||
|
// <title>My page</title>
|
||
|
// </head>
|
||
|
// <body>
|
||
|
// <div>My photos</div><div>My blog</div>
|
||
|
// </body>
|
||
|
// </html>
|
||
|
// <!DOCTYPE html>
|
||
|
// <html>
|
||
|
// <head>
|
||
|
// <meta charset="UTF-8">
|
||
|
// <title>My another page</title>
|
||
|
// </head>
|
||
|
// <body>
|
||
|
// <div><strong>no rows</strong></div>
|
||
|
// </body>
|
||
|
// </html>
|
||
|
|
||
|
}
|
||
|
|
||
|
func Example_autoescaping() {
|
||
|
check := func(err error) {
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
}
|
||
|
t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`)
|
||
|
check(err)
|
||
|
err = t.ExecuteTemplate(os.Stdout, "T", "<script>alert('you have been pwned')</script>")
|
||
|
check(err)
|
||
|
// Output:
|
||
|
// Hello, <script>alert('you have been pwned')</script>!
|
||
|
}
|
||
|
|
||
|
func Example_escape() {
|
||
|
const s = `"Fran & Freddie's Diner" <tasty@example.com>`
|
||
|
v := []interface{}{`"Fran & Freddie's Diner"`, ' ', `<tasty@example.com>`}
|
||
|
|
||
|
fmt.Println(template.HTMLEscapeString(s))
|
||
|
template.HTMLEscape(os.Stdout, []byte(s))
|
||
|
fmt.Fprintln(os.Stdout, "")
|
||
|
fmt.Println(template.HTMLEscaper(v...))
|
||
|
|
||
|
fmt.Println(template.JSEscapeString(s))
|
||
|
template.JSEscape(os.Stdout, []byte(s))
|
||
|
fmt.Fprintln(os.Stdout, "")
|
||
|
fmt.Println(template.JSEscaper(v...))
|
||
|
|
||
|
fmt.Println(template.URLQueryEscaper(v...))
|
||
|
|
||
|
// Output:
|
||
|
// "Fran & Freddie's Diner" <tasty@example.com>
|
||
|
// "Fran & Freddie's Diner" <tasty@example.com>
|
||
|
// "Fran & Freddie's Diner"32<tasty@example.com>
|
||
|
// \"Fran & Freddie\'s Diner\" \x3Ctasty@example.com\x3E
|
||
|
// \"Fran & Freddie\'s Diner\" \x3Ctasty@example.com\x3E
|
||
|
// \"Fran & Freddie\'s Diner\"32\x3Ctasty@example.com\x3E
|
||
|
// %22Fran+%26+Freddie%27s+Diner%2232%3Ctasty%40example.com%3E
|
||
|
|
||
|
}
|