author | Anthony Fok <foka@debian.org> | 2015-01-20 09:41:22 +0300 |
---|---|---|
committer | Anthony Fok <foka@debian.org> | 2015-01-20 09:41:22 +0300 |
commit | 724cc0ddff3427a37b1fa4367880fce23bb4f1f8 (patch) | |
tree | b2e3ffe9635b09dc36b2299bf8a91fd8cc6f202b /tpl | |
parent | f5946ea3ddf4ae4256b0ef6a8ccf73fb9d1253cf (diff) |
Add `safeUrl`; disable `safeHtmlAttr`; rename `safeCSS` to `safeCss`
- Add `safeUrl` template function (Fixes #347)
- Add TestSafeUrl() fashioned after @tatsushid's great examples
- Disable `safeHtmlAttr` pending further discussions on its other
use cases because `safeUrl` is a cleaner solution to #347.
(There are also `safeJs` and `safeJsStr` that we could implement
if there are legitimate demands for them.)
- Rename `safeCSS` to `safeCss` (to follow the convention of `safeHtml`)
- Add/expand documentation on `safeHtml`, `safeCss` and `safeUrl`
Diffstat (limited to 'tpl')
-rw-r--r-- | tpl/template.go | 12 | ||||
-rw-r--r-- | tpl/template_test.go | 44 |
2 files changed, 49 insertions, 7 deletions
diff --git a/tpl/template.go b/tpl/template.go
index 819343a97..9574adb9c 100644
--- a/tpl/template.go
+++ b/tpl/template.go
@@ -910,14 +910,20 @@ func SafeHtml(text string) template.HTML {
 return template.HTML(text)
 }

+// "safeHtmlAttr" is currently disabled, pending further discussion
+// on its use case. 2015-01-19
 func SafeHtmlAttr(text string) template.HTMLAttr {
 return template.HTMLAttr(text)
 }

-func SafeCSS(text string) template.CSS {
+func SafeCss(text string) template.CSS {
 return template.CSS(text)
 }

+func SafeUrl(text string) template.URL {
+ return template.URL(text)
+}
+
 func doArithmetic(a, b interface{}, op rune) (interface{}, error) {
 av := reflect.ValueOf(a)
 bv := reflect.ValueOf(b)
@@ -1251,8 +1257,8 @@ func init() {
 "isset": IsSet,
 "echoParam": ReturnWhenSet,
 "safeHtml": SafeHtml,
- "safeHtmlAttr": SafeHtmlAttr,
- "safeCSS": SafeCSS,
+ "safeCss": SafeCss,
+ "safeUrl": SafeUrl,
 "markdownify": Markdownify,
 "first": First,
 "where": Where,
diff --git a/tpl/template_test.go b/tpl/template_test.go
index f857e6341..159d6cf53 100644
--- a/tpl/template_test.go
+++ b/tpl/template_test.go
@@ -898,7 +898,7 @@ func TestSafeHtmlAttr(t *testing.T) {
 }
 }

-func TestSafeCSS(t *testing.T) {
+func TestSafeCss(t *testing.T) {
 for i, this := range []struct {
 str string
 tmplStr string
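Review bot: `SafeUrl` (and `SafeCss` beside it) has no doc comment stating its trust contract, and the conversion to `template.URL` switches off html/template's URL scheme filtering for whatever string is passed in. The test added in this commit shows that filter replacing an unrecognised scheme with `#ZgotmplZ`; after `safeUrl` the value is emitted verbatim, so a `javascript:` URL coming from front matter or a data file the site author does not control would reach an `href` unchanged. I would add `// SafeUrl marks text as a trusted URL and bypasses html/template's scheme check; call it only on URLs the site author controls.` above the function. The two-line comment now above `SafeHtmlAttr` reads as that function's doc comment, yet the function stays exported and only its template registration is dropped in the `init()` hunk, which the comment could say.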
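Review bot: Dropping the `"safeCSS"` and `"safeHtmlAttr"` keys from the function map in `init()` makes any existing template that calls them fail at parse time with an undefined-function error, with no transition period. If either name has already shipped in a release (not visible from this hunk), keeping `"safeCSS": SafeCss,` as a deprecated alias for one release would avoid breaking sites on upgrade. Only part of the map literal is inside the hunk.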
@@ -910,6 +910,42 @@ func TestSafeCSS(t *testing.T) {
 tmpl, err := template.New("test").Parse(this.tmplStr)
 if err != nil {
 t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
+ continue
+ }
+
+ buf := new(bytes.Buffer)
+ err = tmpl.Execute(buf, this.str)
+ if err != nil {
+ t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
+ }
+ if buf.String() != this.expectWithoutEscape {
+ t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
+ }
+
+ buf.Reset()
+ err = tmpl.Execute(buf, SafeCss(this.str))
+ if err != nil {
+ t.Errorf("[%d] execute template with an escaped string value by SafeCss returns unexpected error: %s", i, err)
+ }
+ if buf.String() != this.expectWithEscape {
+ t.Errorf("[%d] execute template with an escaped string value by SafeCss, got %v but expected %v", i, buf.String(), this.expectWithEscape)
+ }
+ }
+}
+
+func TestSafeUrl(t *testing.T) {
+ for i, this := range []struct {
+ str string
+ tmplStr string
+ expectWithoutEscape string
+ expectWithEscape string
+ }{
+ {`irc://irc.freenode.net/#golang`, `<a href="{{ . }}">IRC</a>`, `<a href="#ZgotmplZ">IRC</a>`, `<a href="irc://irc.freenode.net/#golang">IRC</a>`},
+ } {
+ tmpl, err := template.New("test").Parse(this.tmplStr)
+ if err != nil {
+ t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
+ continue
 }

 buf := new(bytes.Buffer)
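Review bot: The `t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)` call copied into the new `TestSafeUrl` has three verbs but only two arguments, so on a parse failure `%d` receives the template string and the last verb is reported as missing; `go vet` flags this. The call should pass the index first: `t.Errorf("[%d] unable to create new html template %q: %s", i, this.tmplStr, err)`. The same call in the context lines at the top of the hunk (now in `TestSafeCss`) has the same defect. `TestSafeUrl`'s body continues past the end of the hunk.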
@@ -922,12 +958,12 @@ func TestSafeCSS(t *testing.T) {
 }

 buf.Reset()
- err = tmpl.Execute(buf, SafeCSS(this.str))
+ err = tmpl.Execute(buf, SafeUrl(this.str))
 if err != nil {
- t.Errorf("[%d] execute template with an escaped string value by SafeCSS returns unexpected error: %s", i, err)
+ t.Errorf("[%d] execute template with an escaped string value by SafeUrl returns unexpected error: %s", i, err)
 }
 if buf.String() != this.expectWithEscape {
- t.Errorf("[%d] execute template with an escaped string value by SafeCSS, got %v but expected %v", i, buf.String(), this.expectWithEscape)
+ t.Errorf("[%d] execute template with an escaped string value by SafeUrl, got %v but expected %v", i, buf.String(), this.expectWithEscape)
 }
 }
 }
|