I am using the Go html/template package for rendering user inputs received from an HTML form. As the html/template package prevents script injection from user inputs, all the HTML tags will be converted into their &...; formats.
However, I am planning to use a WYSIWYG input field which allows users to input some styling tags such as the <strong> tag. I am using a template function solution.
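    // Requires the "html/template" and "strings" imports.
    funcs := template.FuncMap{
        "marktag": func(text string) template.HTML {
            // Escape everything first, then turn the escaped <strong> tags back into real tags.
            output := strings.Replace(template.HTMLEscapeString(text), "&lt;strong&gt;", "<strong>", -1)
            output = strings.Replace(output, "&lt;/strong&gt;", "</strong>", -1)
            // template.HTML marks the result as trusted, so the template will not escape it again.
            return template.HTML(output)
        },
    }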
Which works OK. However, I have to call strings.Replace(..) function many times if I need to convert the other tags too such as
    <ul><li></li></ul>
    <emphasize></emphasize>
    <code></code>
and so on
Furthermore, I found it hard to deal with CSS styles like
    <p style="color: #343434"></p>
Now I have to check for
    <p
as well. Is there any ideal solution to this problem?
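
The escape-then-restore idea from the question, generalized to an allowlist, as an added example that is not part of the original post: everything is escaped first, and only exact escaped patterns are turned back into markup. The tag list, the single permitted style form and the name MarkTags are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"html/template"
	"regexp"
)

// allowed is an assumed allowlist of tags accepted without attributes.
var allowed = map[string]bool{"strong": true, "em": true, "code": true, "ul": true, "li": true, "p": true}

// escapedTag matches an escaped, attribute-free tag such as &lt;strong&gt; or &lt;/li&gt;.
var escapedTag = regexp.MustCompile(`&lt;(/?)([a-z]+)&gt;`)

// escapedColorP matches the escaped form of <p style="color: #rrggbb"> and nothing else,
// so any other property or value inside style stays escaped.
var escapedColorP = regexp.MustCompile(`&lt;p style=&#34;color: ?(#[0-9a-fA-F]{6})&#34;&gt;`)

// MarkTags escapes all of text, then restores only allowlisted tags.
// It can be registered in a template.FuncMap like the question's "marktag".
func MarkTags(text string) template.HTML {
	out := template.HTMLEscapeString(text)
	out = escapedTag.ReplaceAllStringFunc(out, func(m string) string {
		sub := escapedTag.FindStringSubmatch(m)
		if allowed[sub[2]] {
			return "<" + sub[1] + sub[2] + ">"
		}
		return m // not on the allowlist: leave it escaped
	})
	out = escapedColorP.ReplaceAllString(out, `<p style="color: $1">`)
	return template.HTML(out)
}

func main() {
	// Constructed sample inputs.
	for _, in := range []string{
		`<strong>bold</strong> <script>alert(1)</script>`,
		`<p style="color: #343434">grey</p>`,
		`<p style="color: #343434; background: url(x)">rejected</p>`,
		`<strong onclick="x()">attribute, so not restored</strong>`,
	} {
		fmt.Println(MarkTags(in))
	}
}
```

Tag balance is not checked, so an unclosed `<strong>` still reaches the page; enforcing well-formedness requires parsing the input rather than pattern matching.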