HTML Dynamically with scripts

Hey there,

I am pretty new to Go and, for a project at university, I have to test the possibility of XSS and of using scripts in HTML.

As an example: CMS system running on Go
The user wishes to change the HTML content of a page and use JavaScript for some content.

I searched for a solution but didn't find anything useful for me.
Either I get:
zgotmplz
or the script tags get simply exchanged to
>

Is there a way to pass the values from a struct to an HTML template without < > getting exchanged?
So I can do something like:

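package main

import (
    "html/template" // the package that produces the escaping described above
    "net/http"
    "path"
)

// test carries the value handed to the template.
type test struct {
    Script string
}

func main() {
    http.HandleFunc("/", AddScript)
    http.ListenAndServe(":8080", nil)
}

// AddScript renders index.html with the script markup as template data.
func AddScript(w http.ResponseWriter, r *http.Request) {
    // Raw string literal so the inner double quotes do not end the string.
    myScript := test{`<.script language="JavaScript"> doSth </.script>`}
    fp := path.Join("", "./.idea/GWT/XSS/html/index.html")
    tmpl, err := template.ParseFiles(fp)
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
    }

    if err := tmpl.Execute(w, myScript); err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
    }
}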

Or do I need to load the HTML template, change the certain content, save it and reload the page, so the script is in the HTML file itself which I call?

Sorry for the bad formatting, and I hope I didn't repost something similar.
Thanks in advance

Found this example. Basically, wrap your HTML in a template.HTML.

Remember that you’re then responsible for dealing with all kinds of possible security issues.

2 Likes
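
The behaviour discussed in this thread, as an added example that is not code from either poster: html/template entity-escapes a plain string, replaces an unsafe URL with the ZgotmplZ marker, and writes a template.HTML value verbatim. The template, the `render` helper and the sample values are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// Constructed template: .Body lands in HTML text context, .Link in a URL attribute.
const page = `<div>{{.Body}}</div><a href="{{.Link}}">more</a>`

var tmpl = template.Must(template.New("page").Parse(page))

// render executes the template. With trusted=false the body is a plain string
// and gets escaped; with trusted=true it is wrapped in template.HTML and is
// written to the output verbatim.
func render(body string, trusted bool, link string) (string, error) {
	data := map[string]interface{}{"Body": body, "Link": link}
	if trusted {
		data["Body"] = template.HTML(body)
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	const script = `<script>doSth()</script>` // constructed sample value
	cases := []struct {
		trusted bool
		link    string
	}{
		{false, "/about"},             // markup is entity-escaped
		{false, "javascript:doSth()"}, // URL is replaced by #ZgotmplZ
		{true, "/about"},              // markup passes through unescaped
	}
	for _, c := range cases {
		out, err := render(script, c.trusted, c.link)
		if err != nil {
			panic(err)
		}
		fmt.Println(out)
	}
}
```

Only the third case reaches the browser as executable markup, so the template.HTML conversion is the single place where the origin of the content has to be checked.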

Thank you. Haven't seen that way before.

Yes, I am aware of that. I basically want to make a damn vulnerable web server for that project. I mean, the error messages I got before, the way I coded it, weren't errors at all; there is a reason that they implemented it that way. They don't want XSS attacks to keep going on.
I'll try to add it to my samples and test it out.

If wanted, I will post my code along with what I found on Git, but it will still take a month or two.
