diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-06 12:50:54 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-06 12:51:53 -0600 |
commit | 437d5095a6c9aabbabf900417724e655bd4de234 (patch) | |
tree | b6aa16c973c67bf51fe7e6dba16144a2b5365481 /modules/caddyhttp/templates/templates.go | |
parent | 145aebbba50e9ed5487ecc24b0e0ca384842ccc0 (diff) |
templates: Use text/template; add experimental notice to docs
Using html/template.HTML like we were doing before caused nested include
to be HTML-escaped, which breaks sites. Now we do not escape any of the
output; template input is usually trusted, and if it's not, users should
employ escaping actions within their templates to keep it safe. The docs
already said this.
Diffstat (limited to 'modules/caddyhttp/templates/templates.go')
-rw-r--r-- | modules/caddyhttp/templates/templates.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index cf0908d..a0b7ffe 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -33,6 +33,8 @@ func init() { // The syntax is documented in the Go standard library's // [text/template package](https://golang.org/pkg/text/template/). // +// ⚠️ Template functions/actions are still experimental, so they are subject to change. +// // [All Sprig functions](https://masterminds.github.io/sprig/) are supported. // // In addition to the standard functions and Sprig functions, Caddy adds |