Html sanitizer in Go?
I am using html/template to generate the page. I heard about its automatic escaping. That's great.
But what should I do if I don't need to "escape" everything?
I have articles in the database in the form of html, created and edited in CKEditor.
I don't need to completely remove all html tags. Most of it can and should be left to preserve the formatting. But any unsafe "nonsense" such as javascript must be removed.
In Rails, sanitize does this nicely (like this <%= sanitize @article.body %>).
Googling this question for Go gives mostly silence. Only one link to the library https://github.com/kennygrant/sanitize
Who faced a similar task, share the recipe.
What can you say about the library github.com/kennygrant/sanitize?
PS. It is still somehow strange, but I barely found any information on how to disable escaping in html/template. Is it really such a rare task that it is not written about anywhere?
And the solution is some kind of custom
template.FuncMap{
    "unescaped": func(x string) template.HTML { return template.HTML(x) },
}
and in the template
{{ .BodyHtml | unescaped}}
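One way to do what the question asks with only the standard library, as an added example that is not from the question, the answers or the kennygrant/sanitize library: a small allow-list sanitizer whose output is marked template.HTML only after it has been cleaned, so html/template inserts it verbatim while everything else stays escaped. The allow-list, the regular expressions, the template and the function names are assumptions chosen for this example.

```go
package main

import (
	"bytes"
	"html/template"
	"regexp"
	"strings"
)

// Tags that survive (an assumed allow-list); every attribute is dropped even on
// these, so no href, src, style or on* handler can get through. Extend deliberately.
var allowed = map[string]bool{"p": true, "br": true, "b": true, "strong": true,
	"i": true, "em": true, "u": true, "ul": true, "ol": true, "li": true, "blockquote": true}

var (
	// a tag with optional slash and name; [^>]* swallows whatever attributes follow
	tagRe = regexp.MustCompile(`<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>`)
	// script/style elements are removed together with their raw-text bodies
	rawTextRe = regexp.MustCompile(`(?is)<(script|style)\b[^>]*>.*?</(script|style)\s*>`)
)

// Sanitize keeps only allow-listed tags, stripped of attributes, and the text
// between them. A '<' in text that starts no tag is escaped so the output can
// never be re-read as markup the allow-list did not approve.
func Sanitize(in string) string {
	in = rawTextRe.ReplaceAllString(in, "")
	var out strings.Builder
	last := 0
	for _, m := range tagRe.FindAllStringSubmatchIndex(in, -1) {
		out.WriteString(strings.ReplaceAll(in[last:m[0]], "<", "&lt;"))
		if name := strings.ToLower(in[m[4]:m[5]]); allowed[name] {
			out.WriteString("<" + in[m[2]:m[3]] + name + ">")
		}
		last = m[1]
	}
	out.WriteString(strings.ReplaceAll(in[last:], "<", "&lt;"))
	return out.String()
}

var articleTmpl = template.Must(template.New("a").Parse(`<div class="article">{{.Body}}</div>`))

// RenderArticle sanitizes first and only then marks the result template.HTML,
// which html/template inserts verbatim; the same body passed as a plain string
// would be escaped wholesale, which is the behaviour the question describes.
func RenderArticle(body string) (string, error) {
	var buf bytes.Buffer
	err := articleTmpl.Execute(&buf, struct{ Body template.HTML }{template.HTML(Sanitize(body))})
	return buf.String(), err
}
```

A regexp pass like this is deliberately conservative (all attributes are dropped, so links and images do not survive); if the articles need those, a sanitizer built on a real HTML parser, such as the library the question links, is the safer basis.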
Use the library you found; if it turns out to work a little differently, you can always edit it.
A very strange problem, although I understand the reasons for it. According to the authors' idea, you either do escaping everywhere, or you explicitly indicate that this is not necessary and that you trust the text. If you do not agree with this position, use third-party libraries.
I would think in the direction of CKEditor (if it is necessary) + a BBCode plugin, with subsequent replacement of only the necessary BB-codes.