Hi Gophers!
I'm currently developing a Go port of Text::Xslate (http://xslate.org), which is an extremely fast and flexible template engine originally for Perl5. In recent days my Go port has been coming to a point where it's starting to be /almost/ usable -- and I've already pushed it to some small production system, and now with some prodding from my friend, I decided to share it here.
The source code can be found on github: https://github.com/lestrrat/go-xslate
Godoc is here: http://godoc.org/github.com/lestrrat/go-xslate

On Thursday, March 27, 2014 4:47:26 PM UTC+2, Daisuke Maki wrote:
> Hi Gophers!
> I'm currently developing Go port of Text::Xslate (http://xslate.org), which is an extremely fast and flexible template engine originally for Perl5. In recent days my Go port has been coming to a point where it's starting to be /almost/ usable -- and I've already pushed it to some small production system, and now with some prodding from my friend, I decided to share it here.

What is the target audience?
If HTML, how is security handled? If it's not handled in any way add a note so that people know to take that into account... (see http://js-quasis-libraries-and-repl.googlecode.com/svn/trunk/safetemplate.html#problem_definition)

> The source code can be found on github: https://github.com/lestrrat/go-xslate
> Godoc is here: http://godoc.org/github.com/lestrrat/go-xslate

Compare with text/template, it's more appropriate.

2014-03-28 0:05 GMT+09:00 egon <egon...@gmail.com>:
> On Thursday, March 27, 2014 4:47:26 PM UTC+2, Daisuke Maki wrote:
> > Hi Gophers!
> > I'm currently developing Go port of Text::Xslate (http://xslate.org), which is an extremely fast and flexible template engine originally for Perl5. In recent days my Go port has been coming to a point where it's starting to be /almost/ usable -- and I've already pushed it to some small production system, and now with some prodding from my friend, I decided to share it here.
>
> What is the target audience?

It's a port of Text::Xslate, so... users who want to use Text::Xslate, mostly web-app type of stuff.

> If HTML, how is security handled? If it's not handled in any way add a note so that people know to take that into account... (see http://js-quasis-libraries-and-repl.googlecode.com/svn/trunk/safetemplate.html#problem_definition)

I assume you're talking about escaping HTML and the like?
It's automatically html escaped (currently, there's no way to configure it to NOT do that, but I will eventually get to implement it).

> > The source code can be found on github: https://github.com/lestrrat/go-xslate
> > Godoc is here: http://godoc.org/github.com/lestrrat/go-xslate
>
> Compare with text/template, it's more appropriate.

Again, html/template should be fine, as Xslate does auto-html escaping.
--d

See this simple example of how html/template sanitization varies depending on the context: http://play.golang.org/p/DSAZ1z5w2n

My apologies. I sent this off-list, so resending.

> See this simple example how html/template sanitization varies depending on the context http://play.golang.org/p/DSAZ1z5w2n

Yes, I know Xslate isn't that. But html/template or other context-sensitive sanitizing approach isn't what I want either.
Especially, if it did context-sensitive sanitization, then it wouldn't be a port of Text::Xslate. I wanted a port of Text::Xslate. We have tons of templates written in this code, and I was thinking there may be others in my shoes. Hence I wrote:
> But if you have dabbled with Template-Toolkit and/or Text::Xslate before, this may be of interest to you.
Anyway, thank you for your comments!
I'll make sure to note that people who prefer context-sensitive sanitizing shouldn't be using Xslate.
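
The difference discussed in this thread, as an added example that is not part of the original messages and is neither go-xslate code nor the linked playground snippet: the same values rendered with one uniform HTML escape in every position versus html/template's context-sensitive escaping. The `uniform` helper, the templates and the values are constructed for illustration and are assumptions; `uniform` only stands in for "always HTML-escape" and does not call go-xslate.

```go
package main

import (
	"bytes"
	"fmt"
	"html"
	"html/template"
	"strings"
)

// uniform stands in for an engine that HTML-escapes every value the same
// way wherever it lands (hypothetical helper; it does not call go-xslate).
func uniform(tmpl, value string) string {
	return strings.ReplaceAll(tmpl, "{{.}}", html.EscapeString(value))
}

// contextual renders the same template with html/template, which picks
// the escaper from the parse context (element text, URL attribute, JS).
func contextual(tmpl, value string) (string, error) {
	t, err := template.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, value); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample templates and values, one per output context.
	cases := []struct{ name, tmpl, value string }{
		{"element text", `<p>{{.}}</p>`, `<i>Tom & Jerry</i>`},
		{"URL attribute", `<a href="{{.}}">x</a>`, `javascript:void(0)`},
		{"JS string", `<script>var v = "{{.}}";</script>`, `</script><i>`},
	}
	for _, c := range cases {
		out, err := contextual(c.tmpl, c.value)
		if err != nil {
			fmt.Println(c.name, "error:", err)
			continue
		}
		fmt.Printf("%-13s uniform:    %s\n", c.name, uniform(c.tmpl, c.value))
		fmt.Printf("%-13s contextual: %s\n", c.name, out)
	}
}
```

In element text the two outputs match; in the URL attribute HTML escaping leaves the value unchanged while html/template replaces it with `#ZgotmplZ`, and inside the script block html/template emits JavaScript string escapes rather than HTML entities.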