verify, I merely created a form, put in something like
"<script>alert("text");</script> and saw that the output was properly
escaped when I called FormValue(). I could therefore use the output
directly for storage or display in a template.
On Monday, 5 January 2015 19:35:59 UTC-8, Matthew Holt wrote:
What do you mean by "escaped the output"? Form data must be
form-url-encoded, so they are decoded (url.ParseQuery) for you. Is that
close to what you mean? And how did you "verify that it does" -- any code,
maybe a playground example?
--What do you mean by "escaped the output"? Form data must be
form-url-encoded, so they are decoded (url.ParseQuery) for you. Is that
close to what you mean? And how did you "verify that it does" -- any code,
maybe a playground example?
On Monday, January 5, 2015 8:11:01 PM UTC-7, Rob Thornton wrote:
I could not find anything in the docs that said it escaped the output
(which I can verify that it does). Seems like it would be useful
information to have. Should there be an issue filed for this?
I could not find anything in the docs that said it escaped the output
(which I can verify that it does). Seems like it would be useful
information to have. Should there be an issue filed for this?
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
