I have created this really simple program for testing.
package main
import (
"fmt"
"github.com/microcosm-cc/bluemonday"
"github.com/pressly/chi"
"github.com/russross/blackfriday"
"github.com/unrolled/render"
"net/http"
)
func main() {
r := chi.NewRouter()
r.Get("/", homepageGET)
http.ListenAndServe(":8080", r)
}
func homepageGET(w http.ResponseWriter, r *http.Request) {
Renderer := render.New(render.Options{
Directory: "frontend",
Extensions: []string{".tmpl", ".html"},
UnEscapeHTML: true,
})
unsafe := blackfriday.MarkdownCommon([]byte("**bolded text**"))
markdownContent := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
fmt.Print(string(markdownContent))
Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
"content": fmt.Sprintf(string(markdownContent))})
}
And then I have a HTML file containing nothing besides:
<body>
{{ .content }}
</body>
The fmt.Print command prints "<p><strong>bolded text</strong></p>", whereas it's inserted into the HTML page as: "<p><strong>bolded text</strong></p>".
I believe it is related to escaped HTML, but for the unrolled/render package I configure it as unescaped.. I'd greatly appreciate any help getting the test program working (preferably together with unrolled/render).
In Go you can convert known safe html strings to the template.HTML type, and since unrolled/render uses Go's html/template to render html you should be able to use just that.
Renderer.HTML(w, http.StatusOK, "index", map[string]interface{}{
"content": template.HTML(markdownContent),
})