Unescaping html in template/html

Cagdas_Caglak · November 5, 2017, 4:02am

hi all
i am trying to build twitter clone, getting tweets from db and extracted the hash tags however need to unescape the urls.

thank in advance

for i, v := range gPost {
	h := GetHashTags(v.Post)
	for _, ht := range h {

		gPost[i].Post = strings.Replace(gPost[i].Post, ht, "<a href='/hashtag/"+ht+"'>"+ht+"</a>", -1)

	}
}

if a == true {
	tmpl.ExecuteTemplate(w, "timeline.htm", &App{Post: gPost, FUser: foll})
} else {
	http.Redirect(w, r, "/login", 302)
}

``

CurtGreen · November 7, 2017, 6:39am

I’ve seen this open for a couple of days, here’s one strategy to accomplish what you would like: https://groups.google.com/forum/#!topic/golang-nuts/8L4eDkr5Q84

Cagdas_Caglak · November 7, 2017, 9:28pm

thanks for the reply CurtGreen,
howeveri want to unescape only the hashtag, user, website urls everything else can be escaped basicly i dont want to whole post to be unescaped

luk4z7 · November 8, 2017, 1:29am

I’m not sure about your question, but what exactly do you wants escape ? only remove the hashtag ?

main.go

for i, v := range gPost {
	h := GetHashTags(v.Post)
	for _, ht := range h {

		gPost[i].Post = strings.Replace(gPost[i].Post, ht, ht, -1)

	}
}
// gets usertags
for i, v := range gPost {
	h := GetUserTags(v.Post)
	for _, ut := range h {
		strings.TrimSpace(ut)
		gPost[i].Post = strings.Replace(gPost[i].Post, ut, ut, -1)

	}
}

timeline.html

<br> <a href="{{ .Post }}">{{ .Post }}</a>

Cagdas_Caglak · November 8, 2017, 2:36am

thanks for reply Lucas
GetHashTags extracts hashtags and string.Replace replaces with the hashtag url

gPost[i].Post = strings.Replace(gPost[i].Post, hh, "<a href='/hashtag/"+hh+"'>"+hh+"</a>", -1)

however i want usertags and hashtags unescaped so in timeline they are urls. this is what i am getting so far

luk4z7 · November 8, 2017, 3:12am

101

like this?

Cagdas_Caglak · November 8, 2017, 3:24am

in this case everything becomes a link

i kind of solved it with this however its open to xss attacks

func noescape(str string) template.HTML {
return template.HTML(str)
}

var fn = template.FuncMap{
"noescape": noescape,
}

luk4z7 · November 8, 2017, 10:09am

Cool, about the XSS, read this about escape html, javacript, etc …

https://astaxie.gitbooks.io/build-web-application-with-golang/en/04.3.html

Cagdas_Caglak · November 8, 2017, 4:50pm

thank you

system · February 6, 2018, 4:50pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.