7

I have created this really simple program for testing.

package main

import (
    "fmt"
    "github.com/microcosm-cc/bluemonday"
    "github.com/pressly/chi"
    "github.com/russross/blackfriday"
    "github.com/unrolled/render"
    "net/http"
)

func main() {
    r := chi.NewRouter()
    r.Get("/", homepageGET)
    http.ListenAndServe(":8080", r)
}

func homepageGET(w http.ResponseWriter, r *http.Request) {
    Renderer := render.New(render.Options{
        Directory:    "frontend",
        Extensions:   []string{".tmpl", ".html"},
        UnEscapeHTML: true,
    })
    unsafe := blackfriday.MarkdownCommon([]byte("**bolded text**"))
    markdownContent := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
    fmt.Print(string(markdownContent))
    Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
        "content": fmt.Sprintf(string(markdownContent))})
}

And then I have a HTML file containing nothing besides:

<body>
  {{ .content }}
</body>

The fmt.Print command prints "<p><strong>bolded text</strong></p>", whereas it's inserted into the HTML page as: "&lt;p&gt;&lt;strong&gt;bolded text&lt;/strong&gt;&lt;/p&gt;".

I believe it is related to escaped HTML, but for the unrolled/render package I configure it as unescaped.. I'd greatly appreciate any help getting the test program working (preferably together with unrolled/render).

Improve this question

1 Answer 1

Reset to default
11

In Go you can convert known safe html strings to the template.HTML type, and since unrolled/render uses Go's html/template to render html you should be able to use just that.

Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
        "content": template.HTML(markdownContent),
})
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

No problem, I'm glad I could help. Just FYI, from looking at the unrolled/render's source, it seems to me that the UnEscapeHTML option is only for unescaping JSON values, and although they don't mention it in their documentation of the option, they do mention it in their README under Available Options.
After reading your solution I also tried to remove the UnEscapeHTML: true, option and it still worked :).. before posting my question I had also tried to make it work using template.Must(template.New("").Parse(markdownContent).. not sure if it would've worked or not but I also noticed I foolishly used text/template instead of html/template
Parse takes a string, so you can pass the markdownContent value directly to it although you need to cast it to a string since MarkdownCommon returns a slice of bytes, and you would also lose the <body>...</body> part. Here's a quick example of how template escaping works: play.golang.org/p/tkYXcmNXLm
That's great :), I do think template.HTML(md) inside the map[string]interface{}{...} feels much cleaner and easier to work with than template.Must(template.New("").Parse(string(md))) so I'm very happy to know it's possible to do it that way ^_^

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.