Escaping doesn't work well
clinyong opened this issue · 2 comments
clinyong commented
@variable
will automatically escape the variable, but I found that the escaping doesn't work in layout.
clinyong commented
The template file, it depends on the layout.
@{
import {
"tpl/user/layout/base"
}
<div>
@user.Name
</div>
}
The layout file, base.gohtml
@{
var body string
}
<!DOCTYPE html>
<html lang="en">
<head></head>
<body>
@body
<div>@user.Name</div>
</body>
</html>
If user.Name
is Leo<div>
, in the layout file, the @body
is Leo<div>
, but the @user.Name
is Leo<div>
.