// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build ignore
package template_test
import (
"fmt"
"html/template"
"log"
"os"
)
func Example() {
const tpl = `
{{.Title}}
{{range .Items}}{{ . }}
{{else}}no rows
{{end}}
`
check := func(err error) {
if err != nil {
log.Fatal(err)
}
}
t, err := template.New("webpage").Parse(tpl)
data := struct {
Title string
Items []string
}{
Title: "My page",
Items: []string{
"My photos",
"My blog",
},
}
err = t.Execute(os.Stdout, data)
check(err)
noItems := struct {
Title string
Items []string
}{
Title: "My another page",
Items: []string{},
}
err = t.Execute(os.Stdout, noItems)
check(err)
// Output:
//
//
//
//
// My page
//
//
// My photos
My blog
//
//
//
//
//
//
// My another page
//
//
// no rows
//
//
}
func Example_autoescaping() {
check := func(err error) {
if err != nil {
log.Fatal(err)
}
}
t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`)
check(err)
err = t.ExecuteTemplate(os.Stdout, "T", "")
check(err)
// Output:
// Hello, <script>alert('you have been pwned')</script>!
}
func Example_escape() {
const s = `"Fran & Freddie's Diner" `
v := []interface{}{`"Fran & Freddie's Diner"`, ' ', ``}
fmt.Println(template.HTMLEscapeString(s))
template.HTMLEscape(os.Stdout, []byte(s))
fmt.Fprintln(os.Stdout, "")
fmt.Println(template.HTMLEscaper(v...))
fmt.Println(template.JSEscapeString(s))
template.JSEscape(os.Stdout, []byte(s))
fmt.Fprintln(os.Stdout, "")
fmt.Println(template.JSEscaper(v...))
fmt.Println(template.URLQueryEscaper(v...))
// Output:
// "Fran & Freddie's Diner" <tasty@example.com>
// "Fran & Freddie's Diner" <tasty@example.com>
// "Fran & Freddie's Diner"32<tasty@example.com>
// \"Fran & Freddie\'s Diner\" \x3Ctasty@example.com\x3E
// \"Fran & Freddie\'s Diner\" \x3Ctasty@example.com\x3E
// \"Fran & Freddie\'s Diner\"32\x3Ctasty@example.com\x3E
// %22Fran+%26+Freddie%27s+Diner%2232%3Ctasty%40example.com%3E
}