diff options
| author | Andrew Gerrand <adg@golang.org> | 2012-04-26 11:34:54 -0700 |
|---|---|---|
| committer | Andrew Gerrand <adg@golang.org> | 2012-04-26 11:34:54 -0700 |
| commit | cbffaffa6d904df85c6e6e37179a603f57666053 (patch) | |
| tree | 5338b97d6ad5efdc001553c89a6d6744635834b2 | |
| parent | 8f2d48993ab3fc01ea9f8c994bfc092afe864681 (diff) | |
| download | go-cbffaffa6d904df85c6e6e37179a603f57666053.tar.gz go-cbffaffa6d904df85c6e6e37179a603f57666053.zip | |
[release-branch.go1] doc: update wiki article to use html/template properly.
««« CL 6116055 / d282c379aad7
doc: update wiki article to use html/template properly.
Fixes #3569.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/6116055
»»»
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6119055
| -rw-r--r-- | doc/articles/wiki/edit.html | 6 | ||||
| -rw-r--r-- | doc/articles/wiki/index.html | 11 | ||||
| -rw-r--r-- | doc/articles/wiki/view.html | 6 |
3 files changed, 12 insertions, 11 deletions
diff --git a/doc/articles/wiki/edit.html b/doc/articles/wiki/edit.html index c14953b17b..044c3bedea 100644 --- a/doc/articles/wiki/edit.html +++ b/doc/articles/wiki/edit.html @@ -1,6 +1,6 @@ -<h1>Editing {{.Title |html}}</h1> +<h1>Editing {{.Title}}</h1> -<form action="/save/{{.Title |html}}" method="POST"> -<div><textarea name="body" rows="20" cols="80">{{printf "%s" .Body |html}}</textarea></div> +<form action="/save/{{.Title}}" method="POST"> +<div><textarea name="body" rows="20" cols="80">{{printf "%s" .Body}}</textarea></div> <div><input type="submit" value="Save"></div> </form> diff --git a/doc/articles/wiki/index.html b/doc/articles/wiki/index.html index 52bf7e798b..6c45d7178e 100644 --- a/doc/articles/wiki/index.html +++ b/doc/articles/wiki/index.html @@ -359,10 +359,10 @@ First, we must add <code>html/template</code> to the list of imports: <pre> import ( + <b>"html/template"</b> "http" "io/ioutil" "os" - <b>"html/template"</b> ) </pre> @@ -397,10 +397,11 @@ Template directives are enclosed in double curly braces. The <code>printf "%s" .Body</code> instruction is a function call that outputs <code>.Body</code> as a string instead of a stream of bytes, the same as a call to <code>fmt.Printf</code>. -The <code>|html</code> part of each directive pipes the value through the -<code>html</code> formatter before outputting it, which escapes HTML -characters (such as replacing <code>></code> with <code>&gt;</code>), -preventing user data from corrupting the form HTML. +The <code>html/template</code> package helps guarantee that only safe and +correct-looking HTML is generated by template actions. For instance, it +automatically escapes any greater than sign (<code>></code>), replacing it +with <code>&gt;</code>, to make sure user data does not corrupt the form +HTML. </p> <p> diff --git a/doc/articles/wiki/view.html b/doc/articles/wiki/view.html index 0233915774..b1e87efe80 100644 --- a/doc/articles/wiki/view.html +++ b/doc/articles/wiki/view.html @@ -1,5 +1,5 @@ -<h1>{{.Title |html}}</h1> +<h1>{{.Title}}</h1> -<p>[<a href="/edit/{{.Title |html}}">edit</a>]</p> +<p>[<a href="/edit/{{.Title}}">edit</a>]</p> -<div>{{printf "%s" .Body |html}}</div> +<div>{{printf "%s" .Body}}</div> |