一尘不染

Golang中的HTML模板

go

我正在按照本教程进行学习: golang教程-
Wiki,
并且我设法使除“其他任务”部分中的最后一点之外的所有内容都起作用。我对本教程的实现:

package main

import (
    "fmt"
    "io/ioutil"
    "net/http"
    "html/template"
    "regexp"
)

type Page struct {
    Title string
    Body []byte
}

func (p *Page) save() error {
    filename := "data/" + p.Title + ".txt"
    return ioutil.WriteFile(filename, p.Body, 0600)
}

func loadPage(title string) (*Page, error) {
    filename := "data/" + title + ".txt"
    body, err := ioutil.ReadFile(filename)
    if err != nil {
        return nil, err
    }
    return &Page{Title: title, Body: body}, nil
}

func renderTemplate(w http.ResponseWriter, tmpl string, p *Page) {
    t, _ := template.ParseFiles("template/" + tmpl + ".html");
    t.Execute(w, p)
}

func viewHandler(w http.ResponseWriter, r *http.Request) {
    title := r.URL.Path[len("/view/"):]
    p, err := loadPage(title)
    if err != nil {
        http.Redirect(w, r, "/edit/" + title, http.StatusFound);
        return
    }
    expr := regexp.MustCompile(`\[.+\]`)
    p.Body = expr.ReplaceAllFunc(p.Body, func ( match []byte) []byte {
        return []byte("<a href='/view/" + string(match) + "'>" + string(match) + "</a>")
    })
    renderTemplate(w, "view", p);
}

func saveHandler(w http.ResponseWriter, r *http.Request) {
    title := r.URL.Path[len("/save/"):]
    body := r.FormValue("body")
    p := &Page{Title: title, Body: []byte(body)}
    p.save()
    http.Redirect(w, r, "/view/" + title, http.StatusFound)
}

func editHandler(w http.ResponseWriter, r *http.Request) {
    title := r.URL.Path[len("/edit/"):]
    p, err := loadPage(title);

    if err != nil {
        p = &Page{Title: title}
    }
    renderTemplate(w, "edit", p);
}

func main() {
    http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
        http.Redirect(w, r, "/view/index", http.StatusFound)    
        })
    http.HandleFunc("/view/", viewHandler)
    http.HandleFunc("/edit/", editHandler)
    http.HandleFunc("/save/", saveHandler)
    http.ListenAndServe(":8080", nil)
    fmt.Println("Running");
}

html / template引擎会按预期方式打印定位标记,但会使用html实体对其进行转义。我还没有找到合适的方法。


阅读 244

收藏
2020-07-02

共1个答案

一尘不染

使用template.HTML将正文标记为安全HTML。

以下函数将正文转换为HTML。

// Move to package-level variable so that it's compile once.
var linkPat = regexp.MustCompile(`\[.+\]`)

func toHTML(s string) template.HTML {

  // Escape everything in the string first to ensure that
  // special characters ('<' for example) are displayed as
  // characters and not treated as markup.
  s = template.HTMLEscapeString(s)

  // Insert the links.
  s = linkPat.ReplaceAllStringFunc(s, func(m string) string {
    s = s[1 : len(s)-1]
    return "<a href='/view/" + m + "'>" + m + "</a>"
  })

  return template.HTML(s)
}

使用以下方式渲染页面:

renderTemplate(w, "edit", map[string]interface{}{
   "Title": p.Body,
   "Body": toHTML(p.Body),
})
2020-07-02