Avoiding html/template's escaping of the + in <link type="application/atom+xml">

[iv...@vucica.net]

Hi

I have an HTML template where I'd like to provide <link> tags externally. I'd like to

leverage html/template's escaping for href. Therefore, it seemed easiest to just

create a struct with fields for rel, href, title and type.

Trying to just use string types means I get everything escaped. Surprisingly, this

means that + gets escaped into &#43;.

Since I've never before seen "application/atom&#43;xml", I'm not convinced that

everything I'd like interop with will correctly turn the HTML entity back into a +.

As the types don't actually vary that much currently, I am fine documenting in code that

either they should be constants, or that they should be separately sanitized. So I tried

using template.HTMLAttr and, when that failed, template.HTML to prevent escaping of the

plus.

This still gets escaped:

https://play.golang.org/p/eZxQrHy1vCE

Is this a bug? How do I avoid html/template escaping this, while still escaping

href?

[Ben Bullock]

On Sunday, 1 April 2018 05:47:09 UTC+9, iv...@vucica.net wrote:

This still gets escaped:

https://play.golang.org/p/eZxQrHy1vCE

Is this a bug? How do I avoid html/template escaping this, while still escaping

href?

Use text/template and explicitly escape the things which need to be escaped.