I'm using Echo to build my first small Go web service and I went with the example they provide for using html/template for HTML page templates to simplify page management.
On one of the pages I'm collecting data from a backend API and wanted to display it in a table. I'm generating the HTML and then passing it into the template. Unfortunately html/template is encoding it as safe text rather than letting the HTML pass through.
I can see in the html/template docs how you could tell it the HTML is safe there but I'm not sure how to do that same thing inside Echo.
How do I make it so that HTML passed through Render is accepted as HTML instead of encoded?
Simplified versions of the go files and template:
server.go
package main
import (
"io"
"html/template"
"github.com/labstack/echo"
"github.com/labstack/echo/middleware"
"github.com/labstack/gommon/log"
)
type Template struct {
templates *template.Template
}
func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Context) error {
return t.templates.ExecuteTemplate(w, name, data)
}
func main() {
t := &Template{
templates: template.Must(template.ParseGlob("views/*.html")),
}
e := echo.New()
e.Logger.SetLevel(log.INFO)
e.Use(middleware.Logger())
e.Renderer = t
e.GET("/", homePage)
// HTTP server
e.Logger.Fatal(e.Start(":1323"))
}
pages.go
package main
import (
"github.com/labstack/echo"
)
func homePage(c echo.Context) error {
return c.Render(http.StatusOK, "home", "<p>HTML Test</p>")
}
views/home.html
{{define "home"}}
{{template "head"}}
{{template "navbar"}}
{{.}}
{{template "foot"}}
{{end}}
This is covered in the html/template package summary:
By default, this package assumes that all pipelines produce a plain text string. It adds escaping pipeline stages necessary to correctly and safely embed that plain text string in the appropriate context.
When a data value is not plain text, you can make sure it is not over-escaped by marking it with its type.
For example:
return c.Render(http.StatusOK, "home", template.HTML("<p>HTML Test</p>"))