From 437d5095a6c9aabbabf900417724e655bd4de234 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 6 Apr 2020 12:50:54 -0600 Subject: templates: Use text/template; add experimental notice to docs Using html/template.HTML like we were doing before caused nested include to be HTML-escaped, which breaks sites. Now we do not escape any of the output; template input is usually trusted, and if it's not, users should employ escaping actions within their templates to keep it safe. The docs already said this. --- modules/caddyhttp/templates/templates.go | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules/caddyhttp/templates/templates.go') diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index cf0908d..a0b7ffe 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -33,6 +33,8 @@ func init() { // The syntax is documented in the Go standard library's // [text/template package](https://golang.org/pkg/text/template/). // +// ⚠️ Template functions/actions are still experimental, so they are subject to change. +// // [All Sprig functions](https://masterminds.github.io/sprig/) are supported. // // In addition to the standard functions and Sprig functions, Caddy adds -- cgit v1.2.3