From 4d3db77c6906d09038e55915653dc98cdf4d66bb Mon Sep 17 00:00:00 2001 From: David Symonds Date: Thu, 26 Apr 2012 17:50:44 +1000 Subject: [PATCH] doc: update wiki article to use html/template properly. Fixes #3569. R=golang-dev, r CC=golang-dev https://golang.org/cl/6116055
---
doc/articles/wiki/edit.html | 6 +++--- doc/articles/wiki/index.html | 11 ++++++----- doc/articles/wiki/view.html | 6 +++--- 3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/doc/articles/wiki/edit.html b/doc/articles/wiki/edit.html
index c14953b17b..044c3bedea 100644
--- a/doc/articles/wiki/edit.html
+++ b/doc/articles/wiki/edit.html
@@ -1,6 +1,6 @@
-

Editing {{.Title |html}}

+

Editing {{.Title}}

-
-
+ +
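Review bot: With the explicit `|html` filters removed from `{{.Title}}` and `{{printf "%s" .Body}}`, this template is escaped only if the program parses it with html/template; under text/template the same file would emit the user-supplied title and body verbatim. The Go sources that load the template are not part of this patch, so it is worth confirming that they import `html/template` (the import list shown in the index.html hunk suggests the article already does). A leading template comment such as `{{/* parse with html/template; text/template does no escaping */}}` would record that dependency in the file itself. The same applies to the view.html hunk.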
diff --git a/doc/articles/wiki/index.html b/doc/articles/wiki/index.html index 52bf7e798b..6c45d7178e 100644 --- a/doc/articles/wiki/index.html +++ b/doc/articles/wiki/index.html @@ -359,10 +359,10 @@ First, we must add html/template to the list of imports:
 import (
+	"html/template"
 	"http"
 	"io/ioutil"
 	"os"
-	"html/template"
 )
 
@@ -397,10 +397,11 @@ Template directives are enclosed in double curly braces. The printf "%s" .Body instruction is a function call that outputs .Body as a string instead of a stream of bytes, the same as a call to fmt.Printf. -The |html part of each directive pipes the value through the -html formatter before outputting it, which escapes HTML -characters (such as replacing > with >), -preventing user data from corrupting the form HTML. +The html/template package helps guarantee that only safe and +correct-looking HTML is generated by template actions. For instance, it +automatically escapes any greater than sign (>), replacing it +with >, to make sure user data does not corrupt the form +HTML.

diff --git a/doc/articles/wiki/view.html b/doc/articles/wiki/view.html
index 0233915774..b1e87efe80 100644
--- a/doc/articles/wiki/view.html
+++ b/doc/articles/wiki/view.html
@@ -1,5 +1,5 @@
-

{{.Title |html}}

+

{{.Title}}

-

[edit]

+

[edit]

-
{{printf "%s" .Body |html}}
+
{{printf "%s" .Body}}