From 437d5095a6c9aabbabf900417724e655bd4de234 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 6 Apr 2020 12:50:54 -0600 Subject: templates: Use text/template; add experimental notice to docs Using html/template.HTML like we were doing before caused nested include to be HTML-escaped, which breaks sites. Now we do not escape any of the output; template input is usually trusted, and if it's not, users should employ escaping actions within their templates to keep it safe. The docs already said this. --- modules/caddyhttp/templates/tplcontext_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules/caddyhttp/templates/tplcontext_test.go') diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index 37b6382..dbf2172 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -31,7 +31,6 @@ package templates import ( "bytes" "fmt" - "html/template" "io/ioutil" "net/http" "os" @@ -48,7 +47,7 @@ func TestMarkdown(t *testing.T) { for i, test := range []struct { body string - expect template.HTML + expect string }{ { body: "- str1\n- str2\n", -- cgit v1.2.3