Added folder for german translation

de/code/src/apps/ch.4.3/index.gtpl

@@ -0,0 +1,28 @@
+<!doctype html>
+<html>
+	<body>
+		<h2>Cross Site Scripting Attack Test</h2>
+		{{if .}}
+		Previous User Input: <br/>
+		
+		<code><pre>{{.}}</pre></code>
+		{{end}}
+		<form action="/">
+			<label>
+				User Input: 
+				<input type="text" size=50 name="userinput" id="userinput"/>
+			</label>
+			<br/>
+			<label>
+				Escape Input: 
+				<input type="checkbox" value="1" name="escape" id="escape"/>
+			</label>
+			<br/>
+			<input type="submit" id="submitBtn" value="Submit"/>
+		</form>
+		<script type="text/javascript">
+		var s = "<scri"+"pt>alert('pOwned by XSS.')</scri"+"pt>"
+		document.getElementById("userinput").value = s;
+		</script>
+	</body>
+</html>

de/code/src/apps/ch.4.3/main.go

@@ -0,0 +1,39 @@
+// Example code for Chapter 4.3 from "Build Web Application with Golang"
+// Purpose: Shows how to properly escape input
+package main
+
+import (
+	"html/template"
+	"net/http"
+	textTemplate "text/template"
+)
+
+var t *template.Template = template.Must(template.ParseFiles("index.gtpl"))
+
+func index(w http.ResponseWriter, r *http.Request) {
+	r.ParseForm()
+	userInput := r.Form.Get("userinput")
+	if 0 < len(r.Form.Get("escape")) {
+		t.Execute(w, template.HTMLEscapeString(userInput))
+	} else {
+		// Variables with type `template.HTML` are not escaped when passed to `.Execute()`
+		t.Execute(w, template.HTML(userInput))
+	}
+}
+func templateHandler(w http.ResponseWriter, r *http.Request) {
+	r.ParseForm()
+	userInput := r.Form.Get("userinput")
+	if 0 < len(r.Form.Get("escape")) {
+		// `html/template.Execute()` escapes input
+		t.Execute(w, userInput)
+	} else {
+		tt := textTemplate.Must(textTemplate.ParseFiles("index.gtpl"))
+		// `text/template.Execute()` doesn't escape input
+		tt.Execute(w, userInput)
+	}
+}
+func main() {
+	http.HandleFunc("/", index)
+	http.HandleFunc("/template", templateHandler)
+	http.ListenAndServe(":9090", nil)
+}