How to render user posts with links but no other html?

Time: 06-19

I'm building a website similar to twitter. A user can make a post and mention another user using the @username notation.

At first I was going to parse each post server side and add html tags around the @mentions, then render the post as a template.HTML (I'm using Go server side), but then I realized that users would be able to add any html they want, and I don't want that. Is there a way to render the posts as html while ignoring any html that the user tries to upload? Any code/markup that they upload should be shown in plain text.

Or will it be better to add the markup around the @mentions client side using javascript?

CodePudding user response:

Great worry! This type of HTML injection from user input is a real problem. Fortunately, there's an easy fix: you can escape HTML characters so the browser understands that there's a literal "<" character in the text, not the start of an HTML element.

In Go, there's html.EscapeString, to which you pass the user input; the result can then be safely used inside HTML. So you would sanitize the input and, after that, parse it and link the @mentions.
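The escape-then-link order from the answer above, as an added example that is not part of the original post. The mention pattern, the `/u/<name>` profile URL and the sample post are assumptions for the example; the point it shows is that html.EscapeString never touches `@` or the username characters, so linking after escaping is safe, while the anchor text it emits is the only markup that survives.

```go
package main

import (
	"html"
	"html/template"
	"log"
	"os"
	"regexp"
)

// mentionRE matches "@name" only when "@" is at the start of the text or
// follows a non-word character, so "bob@example.com" is not turned into a
// link. The character class is an assumption; adapt it to your username rules.
var mentionRE = regexp.MustCompile(`(^|[^A-Za-z0-9_])@([A-Za-z0-9_]+)`)

// RenderPost first escapes the raw post so any tags the user typed become
// literal text, then wraps @mentions in anchor tags. Because the username
// group only admits [A-Za-z0-9_], it is safe to place inside the href.
func RenderPost(raw string) template.HTML {
	escaped := html.EscapeString(raw)
	linked := mentionRE.ReplaceAllString(escaped, `$1<a href="/u/$2">@$2</a>`)
	return template.HTML(linked) // marked trusted: we produced this markup
}

func main() {
	// html/template does not re-escape a template.HTML value.
	tmpl := template.Must(template.New("post").Parse("<p>{{.}}</p>\n"))
	// Constructed sample post in which the user tried to inject markup.
	post := `Hi @alice, see <b>this</b> or mail bob@example.com`
	if err := tmpl.Execute(os.Stdout, RenderPost(post)); err != nil {
		log.Fatal(err)
	}
}
```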