The placeholders never show up in template output. If the data is missing, the 
placeholders normally just disappear; in some cases there might be an error, 
depending on exactly what type of “missing.”

Andy

> On Sep 14, 2017, at 8:14 AM, Karv Prime <karv.pr...@gmail.com> wrote:
> 
> As it would get a little bit confusing if I'd reply to everyone with a single 
> post, I'll answer in a single post. I hope you don't mind. At least now it's 
> past 16:00 and not past 04:00 and I have a clearer mind. ^^
> 
> @Egon: I've read the whole article - yes, many coders sadly do forget about 
> proper sanitization of user-input. As I'm pretty focused on security, I know 
> about the implications of many design-approaches. Easy-to-use approaches are 
> neat and in that certain case super useful - but sadly not for my use-case. ^^
> 
> @Andy Balholm: No, the "blog posts" are not HTML. Again: There is a reusable 
> HTML snippet. That snippet can be filled with user content - which truly 
> needs to be sanitized due to security concerns. If the snippet gets sent to 
> the user via asynchronous request there's nothing more to do as JS takes the 
> part with putting it into its place. But if the whole page has to be 
> rendered, that snippet needs to be put into the page, before the whole page 
> gets sent to the user. The other way would be to leave the complete rendering 
> to the user browser which comes with its very own disadvantages (i.e. no 
> scripting available, etc.).
> I thought that the whole package auto-sanitizes the content as you've stated 
> before. Now, okay, it's usable for that use case. It's not perfect with all 
> the artifacts one needs to put into the HTML code, but if necessary I can 
> work with that. ^^
> 
> @Marvin Renich: Thank you for this information. I'm new to Golang and I 
> probably misunderstood one comment here for "the (whole) template package 
> does automatic escaping", so I didn't look further - my mistake. So it would 
> be possible to implement everything via the template package - yet there's 
> the disadvantage of the need to put artifacts into the markup which then get 
> replaced by the wanted content (I have to look into it further - if there's 
> an error if there is no data for some template code it's perfectly fine... 
> otherwise it will look like some websites where the artifacts are visible to 
> the user if they didn't get replaced).
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to golang-nuts+unsubscr...@googlegroups.com 
> <mailto:golang-nuts+unsubscr...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.
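
The different kinds of "missing" mentioned in the reply, as an added example that is not part of the original thread: it runs one snippet through `html/template` with escaped user markup, a missing map key (default and with `missingkey=error`), and a missing struct field. The names `snippet`, `Post` and `render` are hypothetical, the sample data is constructed, and the behaviour shown assumes a current Go release.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// snippet is a constructed stand-in for the reusable HTML snippet in the thread.
const snippet = `<article><h2>{{.Title}}</h2><p>{{.Body}}</p></article>`

// Post is a hypothetical struct that deliberately has no Body field.
type Post struct{ Title string }

// render executes snippet against data; opts are passed to Template.Option.
// On an execution error the returned string holds the partial output.
func render(data interface{}, opts ...string) (string, error) {
	t, err := template.New("post").Option(opts...).Parse(snippet)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, data)
	return buf.String(), err
}

func main() {
	full := map[string]string{"Title": "Hi", "Body": "<b>bold</b>"}
	noBody := map[string]string{"Title": "Hi"}
	cases := []struct {
		name string
		data interface{}
		opts []string
	}{
		{"user markup is escaped", full, nil},          // Body comes out as text, not tags
		{"missing map key", noBody, nil},               // placeholder disappears
		{"missing map key, strict", noBody, []string{"missingkey=error"}}, // Execute fails
		{"missing struct field", Post{Title: "Hi"}, nil},                  // Execute fails
	}
	for _, c := range cases {
		out, err := render(c.data, c.opts...)
		fmt.Printf("%-26s out=%q err=%v\n", c.name, out, err)
	}
}
```

When `Execute` returns an error, part of the page may already have been written, so render into a buffer as above and only send it to the client on success.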
