Geek Answers Handbook

How to get rid of ZgotmplZ from html / template in Golang?

I am using Golang in the backend. When I process html with html / templates, I get ZgotmplZ for the URL.

 {{if .UserData.GitURL}} <li> <a href="{{.UserData.GitURL}}"> <i class="icon fa fa-github"></i> </a> </li> {{end}}

I use the string for GitURL on the server side. This url is https . When I was looking for solutions, some blogs suggested using safeURL . So I tried

 {{if .UserData.GitURL}} <li> <a href="{{.UserData.GitURL | safeURL}}"> <i class="icon fa fa-github"></i> </a> </li> {{end}}

But the code did not compile.

Can someone help me? Any suggestion would be really helpful.

+7
html url go templates go-html-template
source share
1 answer

ZgotmplZ is a special value indicating that your entry is invalid. Quoting from html/template document:

 "ZgotmplZ" is a special value that indicates that unsafe content reached a CSS or URL context at runtime. The output of the example will be <img src="#ZgotmplZ"> If the data comes from a trusted source, use content types to exempt it from filtering: URL(`javascript:...`).

If you want to replace the text with a valid one , nothing special like the safeURL function is required. If, as a result of executing your template, the value is "#ZgotmplZ" , this means that the URL you want to insert is not valid.

See this example:

 t := template.Must(template.New("").Parse(`<a href="{{.}}"></a>` + "\n")) t.Execute(os.Stdout, "http://google.com") t.Execute(os.Stdout, "badhttp://google.com")

Output:

 <a href="http://google.com"></a> <a href="#ZgotmplZ"></a>

You can use a value of type template.URL if you want to use the as-is url without escaping. Please note that in this case, the value provided will be used as is, even if it is not a valid URL.

safeURL is not some kind of magic or a predefined function that you can use in templates. But you can register your own function, which returns the string url parameter as a value of type template.URL :

 t2 := template.Must(template.New("").Funcs(template.FuncMap{ "safeURL": func(u string) template.URL { return template.URL(u) }, }).Parse(`<a href="{{. | safeURL}}"></a>` + "\n")) t2.Execute(os.Stdout, "http://google.com") t2.Execute(os.Stdout, "badhttp://google.com")

Output:

 <a href="http://google.com"></a> <a href="badhttp://google.com"></a>

Note. . If you can pass the value of template.URL directly when the template is executed, you do not need to register and use the user-friendly function safeURL() :

 t3 := template.Must(template.New("").Parse(`<a href="{{.}}"></a>` + "\n")) t3.Execute(os.Stdout, template.URL("http://google.com")) t3.Execute(os.Stdout, template.URL("badhttp://google.com"))

Output:

 <a href="http://google.com"></a> <a href="badhttp://google.com"></a>

Try this on Go to the Playground .

+6
source share

More articles:


All Articles