FAQ
By escaped, I mean HTML escaping. Where "<" becomes "&lt;", for example. By
verify, I merely created a form, put in something like
"<script>alert("text");</script> and saw that the output was properly
escaped when I called FormValue(). I could therefore use the output
directly for storage or display in a template.
On Monday, 5 January 2015 19:35:59 UTC-8, Matthew Holt wrote:

What do you mean by "escaped the output"? Form data must be
form-url-encoded, so they are decoded (url.ParseQuery) for you. Is that
close to what you mean? And how did you "verify that it does" -- any code,
maybe a playground example?
On Monday, January 5, 2015 8:11:01 PM UTC-7, Rob Thornton wrote:

I could not find anything in the docs that said it escaped the output
(which I can verify that it does). Seems like it would be useful
information to have. Should there be an issue filed for this?
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 3 of 6 | next ›
Discussion Overview
groupgolang-nuts @
categoriesgo
postedJan 6, '15 at 3:11a
activeJan 6, '15 at 6:45a
posts6
users4
websitegolang.org

People

Translate

site design / logo © 2022 Grokbase