Documentation
¶
Overview ¶
Package text provides the leaf text nodes of the Fluent render tree. It backs the Static/Text/Textf/RawText/RawTextf constructors on every HTML element and the like-named methods used to add content after construction.
Three escaping models cover trusted, untrusted, and pre-escaped content:
- Static never escapes and is marked non-dynamic so the JIT can pre-render it. Use only with string literals you control.
- Text and Textf escape via html.EscapeString and are marked dynamic. Use these for variables and user input.
- RawText and RawTextf never escape and are marked dynamic. Use only with HTML you have already sanitised - pair with fluent-security for untrusted markup.
All non-Static nodes report IsDynamic() == true via the node.Dynamic interface so the diff engine can track them across renders.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Node ¶ added in v0.1.1
type Node struct {
// contains filtered or unexported fields
}
Node represents text content that can be either HTML-escaped (safe) or raw (unescaped). It implements the node.Node interface and is used internally by Text() and RawText() constructor functions to handle different security models.
func RawText ¶
RawText creates a dynamic, unescaped text node for trusted HTML content. Use only with content you control, such as pre-built HTML strings; pair with fluent-security to sanitise untrusted markup before passing it here.
Example:
text.RawText(htmlContent)
func RawTextf ¶
RawTextf creates a formatted text component without HTML escaping. It should only be used with trusted format strings and arguments.
Example:
text.RawTextf("<a href='%s'>%s</a>", "/home", "Home") // Renders as: <a href='/home'>Home</a>
func Static ¶
Static creates a text node for compile-time constant strings. The content is NOT HTML-escaped and is marked as non-dynamic, allowing the JIT to pre-render it. Only use with string literals you control - never with user input or dynamic values, as this would create an XSS vulnerability.
For dynamic or user-provided content, use Text or Textf instead.
Example:
text.Static("Copyright 2024") // Renders as: Copyright 2024
func Text ¶
Text creates a dynamic text node with automatic HTML escaping. The characters <, >, &, and quotes are escaped via html.EscapeString so user-supplied content cannot inject markup.
Example:
text.Text(userName)
func Textf ¶
Textf creates a safe, formatted text component with automatic HTML escaping. It works like fmt.Sprintf but ensures the final string is properly escaped to prevent XSS attacks.
Example:
text.Textf("Hello, %s!", "<world>") // Renders as: Hello, <world>!
func (*Node) DynamicKey ¶ added in v0.2.0
DynamicKey returns an empty string - text nodes do not carry tracking keys.
func (*Node) IsDynamic ¶ added in v0.2.0
IsDynamic returns true if this text content is dynamically generated (created with Text, Textf, RawText, or RawTextf). Static content (created with Static) returns false, allowing JIT to pre-render it.
func (*Node) Nodes ¶ added in v0.1.1
Nodes returns an empty slice as text nodes do not have children.
func (*Node) Render ¶ added in v0.1.1
Render returns the text content as a byte slice or writes to the provided writer.
func (*Node) RenderBuilder ¶ added in v0.1.1
RenderBuilder writes the text content directly to the provided buffer. This method provides efficient rendering for large node trees.
Source Files