6

I have created this really simple program for testing.

package main

import (
    "fmt"
    "github.com/microcosm-cc/bluemonday"
    "github.com/pressly/chi"
    "github.com/russross/blackfriday"
    "github.com/unrolled/render"
    "net/http"
)

func main() {
    r := chi.NewRouter()
    r.Get("/", homepageGET)
    http.ListenAndServe(":8080", r)
}

func homepageGET(w http.ResponseWriter, r *http.Request) {
    Renderer := render.New(render.Options{
        Directory:    "frontend",
        Extensions:   []string{".tmpl", ".html"},
        UnEscapeHTML: true,
    })
    unsafe := blackfriday.MarkdownCommon([]byte("**bolded text**"))
    markdownContent := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
    fmt.Print(string(markdownContent))
    Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
        "content": fmt.Sprintf(string(markdownContent))})
}

And then I have a HTML file containing nothing besides:

<body>
  {{ .content }}
</body>

The fmt.Print command prints "<p><strong>bolded text</strong></p>", whereas it's inserted into the HTML page as: "&lt;p&gt;&lt;strong&gt;bolded text&lt;/strong&gt;&lt;/p&gt;".

I believe it is related to escaped HTML, but for the unrolled/render package I configure it as unescaped.. I'd greatly appreciate any help getting the test program working (preferably together with unrolled/render).

fisker
  • 979
  • 4
  • 18
  • 28

1 Answers1

10

In Go you can convert known safe html strings to the template.HTML type, and since unrolled/render uses Go's html/template to render html you should be able to use just that.

Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
        "content": template.HTML(markdownContent),
})
mkopriva
  • 35,176
  • 4
  • 57
  • 71
  • No problem, I'm glad I could help. Just FYI, from looking at the `unrolled/render`'s source, it seems to me that the `UnEscapeHTML` option is only for unescaping JSON values, and although they don't mention it in their documentation of the option, they do mention it in their `README` under [Available Options](https://github.com/unrolled/render#available-options). – mkopriva Apr 17 '17 at 20:38
  • After reading your solution I also tried to remove the `UnEscapeHTML: true,` option and it still worked :).. before posting my question I had also tried to make it work using `template.Must(template.New("").Parse(markdownContent)`.. not sure if it would've worked or not but I also noticed I foolishly used `text/template` instead of `html/template` – fisker Apr 17 '17 at 20:46
  • `Parse` takes a string, so you can pass the `markdownContent` value directly to it although you need to cast it to a `string` since `MarkdownCommon` returns a slice of bytes, and you would also lose the `...` part. Here's a quick example of how template escaping works: https://play.golang.org/p/tkYXcmNXLm – mkopriva Apr 17 '17 at 21:04
  • That's great :), I do think `template.HTML(md)` inside the map[string]interface{}{...} feels much cleaner and easier to work with than `template.Must(template.New("").Parse(string(md)))` so I'm very happy to know it's possible to do it that way ^_^ – fisker Apr 18 '17 at 00:04