Go template.ExecuteTemplate include html
I have followed this tutorial: http://golang.org/doc/articles/wiki/final.go and have slightly modified it for my needs/wants. The problem is I would like to support HTML in the templates. I realize this is a security risk but it's not a concern at the moment.
The result of a page render:
<h1>this<strong>is</strong>a test</h1>
Let me explain a little bit of the code:
type Page struct {
Title string
Body []byte
}
The data I would like to have HTML is stored in Page.Body. This is type []byte which means I can't (or can I?) run html/template.HTML(Page.Body) as that function expects a string.
I have this which pre-renders the templates:
var (
templates = template.Must(template.ParseFiles("tmpl/edit.html", "tmpl/view.html"))
)
And the actual ExecuteTemplate looks like this:
err := templates.ExecuteTemplate(w, tmpl+".html", p)
Where w is w http.ResponseWriter, tmpl is tmpl string, and p is p *Page
Finally my 'view.html' (template) looks like the following:
<h1>{{.Title}}</h1>
<p>[<a href="/edit/{{.Title}}">edit</a>]</p>
<div>{{printf "%s" .Body}}</div>
Things I have tried:
-
{{printf "%s" .Body | html}}doesn't do anything - I have included
github.com/russross/blackfriday(Markdown processor) and have runp.Body = blackfriday.MarkdownCommon(p.Body)which correctly converts Markdown to HTML, but the HTML is still output as entities. -
EDIT: I have attempted the following bit of code (I don't know why the format is messed up) and it still outputs the exact same.
var s template.HTMLs = template.HTML(p.Body)p.Body = []byte(s)
Any guidance is greatly appreciated. If I'm being confusing please ask and I can modify my question.
Solution 1:
Convert your []byte or string to type template.HTML (documented here)
p.Body = template.HTML(s) // where s is a string or []byte
Then, in your template, just:
{{.Body}}
It will be printed without escaping.
EDIT
In order to be able to include HTML in you page's body you need to change the Page type declaration:
type Page struct {
Title string
Body template.HTML
}
then assign to it.
Solution 2:
Take a look at the template.HTML type. It can be used to encapsulate a known safe fragment of HTML (like the output from Markdown). The "html/template" package will not escape this this type.
type Page struct {
Title string
Body template.HTML
}
page := &Page{
Title: "Example",
Body: template.HTML(blackfriday.MarkdownCommon([]byte("foo bar")),
}
I usually write my own func Markdown(text string) html.Template method that calls blackfriday with the appropriate config and does some type conversions. Another alternative might be also to register a "html" func in the template parser, that allows you to output any value without any escaping by doing something like {{html .MySafeStr}}. The code might look like:
var tmpl = template.Must(template.New("").Funcs(template.FuncMap{
"html": func(value interface{}) template.HTML {
return template.HTML(fmt.Sprint(value))
},
}).ParseFiles("file1.html", "file2.html"))
Solution 3:
I created a custom function for the template as follows:
func noescape(str string) template.HTML {
return template.HTML(str)
}
var fn = template.FuncMap{
"noescape": noescape,
}
Then on your template:
{{ noescape $x.Body }}
Solution 4:
Here's an approach that doesn't require any changes to your existing structs, and a very minimal, additive change to your templates:
Change these lines:
var (
templates = template.Must(template.ParseFiles("tmpl/edit.html", "tmpl/view.html"))
)
to this (include a funcmap with a function that will output un-escaped HTML):
var templates = template.Must(template.New("main").Funcs(template.FuncMap{
"safeHTML": func(b []byte) template.HTML {
return template.HTML(b)
},
}).ParseFiles("tmpl/edit.html", "tmpl/view.html"))
And then just change your template HTML from this:
<div>{{printf "%s" .Body}}</div>
to this (use your new function):
<div>{{ .Body | safeHTML }}</div>
Much easier!