Home | History | Annotate | Download | only in template 
      1 // Copyright 2015 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 package template_test
      6 
      7 import (
      8 	"fmt"
      9 	"html/template"
     10 	"log"
     11 	"os"
     12 )
     13 
     14 func Example() {
     15 	const tpl = `
     16 <!DOCTYPE html>
     17 <html>
     18 	<head>
     19 		<meta charset="UTF-8">
     20 		<title>{{.Title}}</title>
     21 	</head>
     22 	<body>
     23 		{{range .Items}}<div>{{ . }}</div>{{else}}<div><strong>no rows</strong></div>{{end}}
     24 	</body>
     25 </html>`
     26 
     27 	check := func(err error) {
     28 		if err != nil {
     29 			log.Fatal(err)
     30 		}
     31 	}
     32 	t, err := template.New("webpage").Parse(tpl)
     33 
     34 	data := struct {
     35 		Title string
     36 		Items []string
     37 	}{
     38 		Title: "My page",
     39 		Items: []string{
     40 			"My photos",
     41 			"My blog",
     42 		},
     43 	}
     44 
     45 	err = t.Execute(os.Stdout, data)
     46 	check(err)
     47 
     48 	noItems := struct {
     49 		Title string
     50 		Items []string
     51 	}{
     52 		Title: "My another page",
     53 		Items: []string{},
     54 	}
     55 
     56 	err = t.Execute(os.Stdout, noItems)
     57 	check(err)
     58 
     59 	// Output:
     60 	// <!DOCTYPE html>
     61 	// <html>
     62 	// 	<head>
     63 	// 		<meta charset="UTF-8">
     64 	// 		<title>My page</title>
     65 	// 	</head>
     66 	// 	<body>
     67 	// 		<div>My photos</div><div>My blog</div>
     68 	// 	</body>
     69 	// </html>
     70 	// <!DOCTYPE html>
     71 	// <html>
     72 	// 	<head>
     73 	// 		<meta charset="UTF-8">
     74 	// 		<title>My another page</title>
     75 	// 	</head>
     76 	// 	<body>
     77 	// 		<div><strong>no rows</strong></div>
     78 	// 	</body>
     79 	// </html>
     80 
     81 }
     82 
     83 func Example_autoescaping() {
     84 	check := func(err error) {
     85 		if err != nil {
     86 			log.Fatal(err)
     87 		}
     88 	}
     89 	t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`)
     90 	check(err)
     91 	err = t.ExecuteTemplate(os.Stdout, "T", "<script>alert('you have been pwned')</script>")
     92 	check(err)
     93 	// Output:
     94 	// Hello, &lt;script&gt;alert(&#39;you have been pwned&#39;)&lt;/script&gt;!
     95 }
     96 
     97 func Example_escape() {
     98 	const s = `"Fran & Freddie's Diner" <tasty (a] example.com>`
     99 	v := []interface{}{`"Fran & Freddie's Diner"`, ' ', `<tasty (a] example.com>`}
    100 
    101 	fmt.Println(template.HTMLEscapeString(s))
    102 	template.HTMLEscape(os.Stdout, []byte(s))
    103 	fmt.Fprintln(os.Stdout, "")
    104 	fmt.Println(template.HTMLEscaper(v...))
    105 
    106 	fmt.Println(template.JSEscapeString(s))
    107 	template.JSEscape(os.Stdout, []byte(s))
    108 	fmt.Fprintln(os.Stdout, "")
    109 	fmt.Println(template.JSEscaper(v...))
    110 
    111 	fmt.Println(template.URLQueryEscaper(v...))
    112 
    113 	// Output:
    114 	// &#34;Fran &amp; Freddie&#39;s Diner&#34; &lt;tasty (a] example.com&gt;
    115 	// &#34;Fran &amp; Freddie&#39;s Diner&#34; &lt;tasty (a] example.com&gt;
    116 	// &#34;Fran &amp; Freddie&#39;s Diner&#34;32&lt;tasty (a] example.com&gt;
    117 	// \"Fran & Freddie\'s Diner\" \x3Ctasty (a] example.com\x3E
    118 	// \"Fran & Freddie\'s Diner\" \x3Ctasty (a] example.com\x3E
    119 	// \"Fran & Freddie\'s Diner\"32\x3Ctasty (a] example.com\x3E
    120 	// %22Fran+%26+Freddie%27s+Diner%2232%3Ctasty%40example.com%3E
    121 
    122 }
    123