Hey there,
I am pretty new to Go Lang and for a project at university I have to test the possibility for XSS and using for scrips at html.
As an example: CMS system running on Go
The user wishes to change the html content of page and use javaScript for some content.
I searched for a solution but didnt find something usefull for me.
either I get:
zgotmplz
or the script tags get simply exchanged to
>
Is there a way to pass the values from a struct to an HTML without < > getting exchanged?
so I can do sth like:
type test struct {
Script String
}
func main() {
http.HandleFunc("/", AddScript)
http.ListenAndServe(":8080", nil)
}
func AddScript(w http.ResponseWriter, r *http.Request){
myScript:=test{"<.script language="JavaScript"> doSth </.script>"}
fp := path.Join("", "./.idea/GWT/XSS/html/index.html")
tmpl, err := template.ParseFiles(fp)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if err := tmpl.Execute(w, myScript); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
or do I need to load html template change the certain content save it and reload the page so the script is in the html file itself which i call?
Sry for the bad formatting and I hope I didn’t do a repost on something simular
Thanks ahead