// htmlNospaceEscaper escapes for inclusion in unquoted attribute values. func htmlNospaceEscaper(args ...any) string { … } // attrEscaper escapes for inclusion in quoted attribute values. func attrEscaper(args ...any) string { … } // rcdataEscaper escapes for inclusion in an RCDATA element body. func rcdataEscaper(args ...any) string { … } // htmlEscaper escapes for inclusion in HTML text. func htmlEscaper(args ...any) string { … } var htmlReplacementTable … var htmlNormReplacementTable … var htmlNospaceReplacementTable … var htmlNospaceNormReplacementTable … // htmlReplacer returns s with runes replaced according to replacementTable // and when badRunes is true, certain bad runes are allowed through unescaped. func htmlReplacer(s string, replacementTable []string, badRunes bool) string { … } // stripTags takes a snippet of HTML and returns only the text content. // For example, `<b>¡Hi!</b> <script>...</script>` -> `¡Hi! `. func stripTags(html string) string { … } // htmlNameFilter accepts valid parts of an HTML attribute or tag name or // a known-safe HTML attribute. func htmlNameFilter(args ...any) string { … } // commentEscaper returns the empty string regardless of input. // Comment content does not correspond to any parsed structure or // human-readable content, so the simplest and most secure policy is to drop // content interpolated into comments. // This approach is equally valid whether or not static comment content is // removed from the template. func commentEscaper(args ...any) string { … }
Codebase Browser
go