Documentation
¶
Overview ¶
Package htmlio writes the small HTML fragments used by standard JaWS widgets.
Attribute values passed as ordinary strings are HTML-escaped by this package. HTML tag names and template.HTMLAttr fragments are trusted input and are written as-is; callers must not derive them from untrusted user data.
Index ¶
- func AppendAttr(b []byte, name, value string) []byte
- func AppendAttrValue(b []byte, value string) []byte
- func AppendAttrs(b []byte, attrs []template.HTMLAttr) []byte
- func Attr(name, value string) template.HTMLAttr
- func WriteHTMLInner(w io.Writer, jid jid.Jid, htmlTag, typeAttr string, innerHTML template.HTML, ...) (err error)
- func WriteHTMLInput(w io.Writer, jid jid.Jid, typeAttr, valueAttr string, ...) (err error)
- func WriteHTMLTag(w io.Writer, jid jid.Jid, htmlTag, typeAttr, valueAttr string, ...) (err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AppendAttr ¶ added in v0.406.0
AppendAttr appends a trusted attribute name with an escaped value.
The name parameter must be a trusted attribute name. The value parameter must be the unescaped logical attribute value; it is escaped for HTML source output by this function.
func AppendAttrValue ¶ added in v0.406.0
AppendAttrValue appends value as a double-quoted HTML attribute value.
The value parameter must be the unescaped logical attribute value. It is escaped for HTML source output by this function.
func AppendAttrs ¶ added in v0.500.0
AppendAttrs appends each non-empty attribute fragment in attrs to b, separated by a leading space.
The attrs are trusted raw HTML attribute fragments written verbatim with no escaping; they MUST NOT contain untrusted data. Use Attr or AppendAttr to build attribute fragments with an escaped value.
func Attr ¶ added in v0.406.0
Attr returns a trusted attribute name with an escaped value.
The name parameter must be a trusted attribute name. The value parameter must be the unescaped logical attribute value; it is escaped for HTML source output by this function.
func WriteHTMLInner ¶
func WriteHTMLInner(w io.Writer, jid jid.Jid, htmlTag, typeAttr string, innerHTML template.HTML, attrs ...template.HTMLAttr) (err error)
WriteHTMLInner writes an HTML element with trusted inner HTML.
Void/singleton tags such as img and input are written without a closing tag, and any innerHTML passed for them is ignored, since a void element cannot contain content (emitting "<img>...</img>" would be invalid HTML).
The htmlTag parameter is trusted and written verbatim with no escaping or validation; it MUST NOT be derived from untrusted data. The typeAttr parameter must be an unescaped logical value; it is escaped for HTML source output. The attrs parameter contains trusted raw attribute fragments and is written verbatim with no escaping; it MUST NOT contain untrusted data. Use Attr or AppendAttr to build attribute fragments with an escaped value.
func WriteHTMLInput ¶
func WriteHTMLInput(w io.Writer, jid jid.Jid, typeAttr, valueAttr string, attrs []template.HTMLAttr) (err error)
WriteHTMLInput writes an input start tag with optional id, type, value and raw attribute fragments.
The typeAttr and valueAttr parameters must be unescaped logical values; they are escaped for HTML source output. The attrs parameter contains trusted raw attribute fragments and is written verbatim with no escaping; it MUST NOT contain untrusted data, nor must typeAttr be derived from untrusted data. Use Attr or AppendAttr to build attribute fragments with an escaped value.
func WriteHTMLTag ¶
func WriteHTMLTag(w io.Writer, jid jid.Jid, htmlTag, typeAttr, valueAttr string, attrs []template.HTMLAttr) (err error)
WriteHTMLTag writes an HTML start tag with optional id, type, value and raw attribute fragments.
The htmlTag parameter is trusted and written verbatim with no escaping or validation; it MUST NOT be derived from untrusted data. The typeAttr and valueAttr parameters must be unescaped logical values; they are escaped for HTML source output. The attrs parameter contains trusted raw attribute fragments and is written verbatim with no escaping; it MUST NOT contain untrusted data. Use Attr or AppendAttr to build attribute fragments with an escaped value.
Types ¶
This section is empty.
Source Files