diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-06 12:50:54 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-06 12:51:53 -0600 |
commit | 437d5095a6c9aabbabf900417724e655bd4de234 (patch) | |
tree | b6aa16c973c67bf51fe7e6dba16144a2b5365481 /modules/caddyhttp/templates/tplcontext_test.go | |
parent | 145aebbba50e9ed5487ecc24b0e0ca384842ccc0 (diff) |
templates: Use text/template; add experimental notice to docs
Using html/template.HTML like we were doing before caused nested include
to be HTML-escaped, which breaks sites. Now we do not escape any of the
output; template input is usually trusted, and if it's not, users should
employ escaping actions within their templates to keep it safe. The docs
already said this.
Diffstat (limited to 'modules/caddyhttp/templates/tplcontext_test.go')
-rw-r--r-- | modules/caddyhttp/templates/tplcontext_test.go | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index 37b6382..dbf2172 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -31,7 +31,6 @@ package templates import ( "bytes" "fmt" - "html/template" "io/ioutil" "net/http" "os" @@ -48,7 +47,7 @@ func TestMarkdown(t *testing.T) { for i, test := range []struct { body string - expect template.HTML + expect string }{ { body: "- str1\n- str2\n", |