what's different between text/template and html/template?
3,380 views
Skip to first unread message
amir-taghavi
Nov 26, 2014, 12:47:39 PM11/26/14
to golan...@googlegroups.com
we used HTMLEscapeString And JSEscapeString for prevent sqlinjection and xss
i see in very example ,programmer import text/template or html/template
text/template there isn't on go package
what's that?
cm...@golang.org
Nov 26, 2014, 12:51:59 PM11/26/14
to golan...@googlegroups.com
Please read the documentation for yourself.
http://golang.org/pkg/text/template/ says, in the overview:
"Package template implements data-driven templates for generating textual output. To generate HTML output, see package html/template, which has the same interface as this package but automatically secures HTML output against certain attacks."
http://golang.org/pkg/html/template/ says, in the overview:
"Package template (html/template) implements data-driven templates for generating HTML output safe against code injection. It provides the same interface as package text/template and should be used instead of text/template whenever the output is HTML."
Christian von Kietzell
Nov 26, 2014, 12:54:12 PM11/26/14
to amir-taghavi, golan...@googlegroups.com
Hi,
they're both part of the standard library. From the docs of html/template:
"Package template (html/template) implements data-driven templates for generating HTML output safe against code injection."
And from text/template:
"Package template implements data-driven templates for generating textual output. To generate HTML output, see package html/template, which has the same interface as this package but automatically secures HTML output against certain attacks."
Chris
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages