Commit 369454d7 authored by Gustavo Niemeyer's avatar Gustavo Niemeyer

html/template: fix docs after API changes

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5528109
parent 6454a3eb
...@@ -31,8 +31,8 @@ Example ...@@ -31,8 +31,8 @@ Example
import "text/template" import "text/template"
... ...
t, err := (&template.Set{}).Parse(`{{define "T"}}Hello, {{.}}!{{end}}`) t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`)
err = t.Execute(out, "T", "<script>alert('you have been pwned')</script>") err = t.ExecuteTemplate(out, "T", "<script>alert('you have been pwned')</script>")
produces produces
...@@ -42,12 +42,12 @@ but with contextual autoescaping, ...@@ -42,12 +42,12 @@ but with contextual autoescaping,
import "html/template" import "html/template"
... ...
t, err := (&template.Set{}).Parse(`{{define "T"}}Hello, {{.}}!{{end}}`) t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`)
err = t.Execute(out, "T", "<script>alert('you have been pwned')</script>") err = t.ExecuteTemplate(out, "T", "<script>alert('you have been pwned')</script>")
produces safe, escaped HTML output produces safe, escaped HTML output
Hello, &lt;script&gt;alert('you have been pwned')&lt;/script&gt;! Hello, &lt;script&gt;alert(&#39;you have been pwned&#39;)&lt;/script&gt;!
Contexts Contexts
...@@ -57,8 +57,8 @@ functions to each simple action pipeline, so given the excerpt ...@@ -57,8 +57,8 @@ functions to each simple action pipeline, so given the excerpt
<a href="/search?q={{.}}">{{.}}</a> <a href="/search?q={{.}}">{{.}}</a>
At parse time each {{.}} is overwritten to add escaping functions as necessary, At parse time each {{.}} is overwritten to add escaping functions as necessary.
in this case, In this case it becomes
<a href="/search?q={{. | urlquery}}">{{. | html}}</a> <a href="/search?q={{. | urlquery}}">{{. | html}}</a>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment