如何在IRIS中禁用自动转义

Question

I insert HTML tags into database table:

<table>
<tr>
   <td>1</td>
   <td>2</td>
   <td>3</td>
</tr>
</table>

And send retrieved data into View

func MyEvent(ctx iris.Context){
        rows := ...
        ctx.ViewData("rows", rows[0])
        ctx.View("template.html")
}

How could I disable auto escaping just in this event?

Answer 1

How you would get raw HTML through the template and into the output would depend on which template engine you're using with Iris. Iris supports five template engines out-of-the-box :

• The standard html, its template parser is the golang.org/pkg/html/template/
• Django, its template parser is the github.com/flosch/pongo2
• Pug(Jade), its template parser is the github.com/Joker/jade
• Handlebars, its template parser is the github.com/aymerick/raymond
• Amber, its template parser is the github.com/eknkc/amber

If you're using the standard html/template package then you'd mark the string as "safe HTML" using the template.HTML type:

ctx.ViewData("rows", template.HTML(rows[0]))

or add your own filter which just does a return template.HTML(s) and use that inside the template.

If you were using Handlebars then you'd use {{{...}}} in the template or raymond.SafeString in a helper :

{{{yourHTML}}}

If you're using one of the other template engines then you'd use whatever mechanism they offer for getting raw HTML through the template.

All of this assumes, of course, that you're scrubbing and sanitizing the HTML before it gets into the database or before it gets from the database to the template.