mirror of
https://github.com/gohugoio/hugo.git
synced 2024-11-21 20:46:30 -05:00
Add SafeHtmlAttr, SafeCSS template function
This allows a template user to keep a safe HTML attribute or CSS string as is in a template. This is implementation of @anthonyfok great insight Fix #784, #347
This commit is contained in:
parent
53b4ab4cf3
commit
f5946ea3dd
2 changed files with 150 additions and 35 deletions
|
@ -910,6 +910,14 @@ func SafeHtml(text string) template.HTML {
|
|||
return template.HTML(text)
|
||||
}
|
||||
|
||||
func SafeHtmlAttr(text string) template.HTMLAttr {
|
||||
return template.HTMLAttr(text)
|
||||
}
|
||||
|
||||
func SafeCSS(text string) template.CSS {
|
||||
return template.CSS(text)
|
||||
}
|
||||
|
||||
func doArithmetic(a, b interface{}, op rune) (interface{}, error) {
|
||||
av := reflect.ValueOf(a)
|
||||
bv := reflect.ValueOf(b)
|
||||
|
@ -1243,6 +1251,8 @@ func init() {
|
|||
"isset": IsSet,
|
||||
"echoParam": ReturnWhenSet,
|
||||
"safeHtml": SafeHtml,
|
||||
"safeHtmlAttr": SafeHtmlAttr,
|
||||
"safeCSS": SafeCSS,
|
||||
"markdownify": Markdownify,
|
||||
"first": First,
|
||||
"where": Where,
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package tpl
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
"html/template"
|
||||
|
@ -826,3 +827,107 @@ func TestMarkdownify(t *testing.T) {
|
|||
t.Errorf("Markdownify: got '%s', expected '%s'", result, expect)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSafeHtml(t *testing.T) {
|
||||
for i, this := range []struct {
|
||||
str string
|
||||
tmplStr string
|
||||
expectWithoutEscape string
|
||||
expectWithEscape string
|
||||
}{
|
||||
{`<div></div>`, `{{ . }}`, `<div></div>`, `<div></div>`},
|
||||
} {
|
||||
tmpl, err := template.New("test").Parse(this.tmplStr)
|
||||
if err != nil {
|
||||
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
|
||||
continue
|
||||
}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err = tmpl.Execute(buf, this.str)
|
||||
if err != nil {
|
||||
t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
|
||||
}
|
||||
if buf.String() != this.expectWithoutEscape {
|
||||
t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
|
||||
}
|
||||
|
||||
buf.Reset()
|
||||
err = tmpl.Execute(buf, SafeHtml(this.str))
|
||||
if err != nil {
|
||||
t.Errorf("[%d] execute template with an escaped string value by SafeHtml returns unexpected error: %s", i, err)
|
||||
}
|
||||
if buf.String() != this.expectWithEscape {
|
||||
t.Errorf("[%d] execute template with an escaped string value by SafeHtml, got %v but expected %v", i, buf.String(), this.expectWithEscape)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestSafeHtmlAttr(t *testing.T) {
|
||||
for i, this := range []struct {
|
||||
str string
|
||||
tmplStr string
|
||||
expectWithoutEscape string
|
||||
expectWithEscape string
|
||||
}{
|
||||
{`href="irc://irc.freenode.net/#golang"`, `<a {{ . }}>irc</a>`, `<a ZgotmplZ>irc</a>`, `<a href="irc://irc.freenode.net/#golang">irc</a>`},
|
||||
} {
|
||||
tmpl, err := template.New("test").Parse(this.tmplStr)
|
||||
if err != nil {
|
||||
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
|
||||
continue
|
||||
}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err = tmpl.Execute(buf, this.str)
|
||||
if err != nil {
|
||||
t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
|
||||
}
|
||||
if buf.String() != this.expectWithoutEscape {
|
||||
t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
|
||||
}
|
||||
|
||||
buf.Reset()
|
||||
err = tmpl.Execute(buf, SafeHtmlAttr(this.str))
|
||||
if err != nil {
|
||||
t.Errorf("[%d] execute template with an escaped string value by SafeHtmlAttr returns unexpected error: %s", i, err)
|
||||
}
|
||||
if buf.String() != this.expectWithEscape {
|
||||
t.Errorf("[%d] execute template with an escaped string value by SafeHtmlAttr, got %v but expected %v", i, buf.String(), this.expectWithEscape)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestSafeCSS(t *testing.T) {
|
||||
for i, this := range []struct {
|
||||
str string
|
||||
tmplStr string
|
||||
expectWithoutEscape string
|
||||
expectWithEscape string
|
||||
}{
|
||||
{`width: 60px;`, `<div style="{{ . }}"></div>`, `<div style="ZgotmplZ"></div>`, `<div style="width: 60px;"></div>`},
|
||||
} {
|
||||
tmpl, err := template.New("test").Parse(this.tmplStr)
|
||||
if err != nil {
|
||||
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
|
||||
}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err = tmpl.Execute(buf, this.str)
|
||||
if err != nil {
|
||||
t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
|
||||
}
|
||||
if buf.String() != this.expectWithoutEscape {
|
||||
t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
|
||||
}
|
||||
|
||||
buf.Reset()
|
||||
err = tmpl.Execute(buf, SafeCSS(this.str))
|
||||
if err != nil {
|
||||
t.Errorf("[%d] execute template with an escaped string value by SafeCSS returns unexpected error: %s", i, err)
|
||||
}
|
||||
if buf.String() != this.expectWithEscape {
|
||||
t.Errorf("[%d] execute template with an escaped string value by SafeCSS, got %v but expected %v", i, buf.String(), this.expectWithEscape)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue