4.3 review
This commit is contained in:
hongruiqi
13
4.3.md
13
4.3.md
@@ -34,6 +34,19 @@
|
|||||||
|
|
||||||
Hello, <script>alert('you have been pwned')</script>!
|
Hello, <script>alert('you have been pwned')</script>!
|
||||||
|
|
||||||
|
或者使用template.HTML类型
|
||||||
|
|
||||||
|
import "html/template"
|
||||||
|
...
|
||||||
|
t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`)
|
||||||
|
err = t.ExecuteTemplate(out, "T", template.HTML("<script>alert('you have been pwned')</script>"))
|
||||||
|
|
||||||
|
输出
|
||||||
|
|
||||||
|
Hello, <script>alert('you have been pwned')</script>!
|
||||||
|
|
||||||
|
转换成template.HTML后,变量的内容也不会被转义
|
||||||
|
|
||||||
转义的例子:
|
转义的例子:
|
||||||
|
|
||||||
import "html/template"
|
import "html/template"
|
||||||
|
|||||||
Reference in New Issue
Block a user