<p>I'll probably delete this since it's two unrelated questions, but these have been burning in my mind for several months, and I can't seem to figure it out.</p>
<p>1) Is the standard router to my files "enough" to start building a safe server from? I realize it's not going to have many of the features a typical website would have, but are there safety considerations or other issues to think about <strong>before</strong> I start scaling? I'd love to tinker from the ground up, instead of using a library that already has a lot of the features I would like to build towards, in order to learn. </p>
<p>2) Second, if I'm using all server-side logic with no user input, is the standard templating library (text/template) considered safe? Or should I still use html/template? There are some templating tasks that are essentially impossible to perform if I'm escaping html. But I want to be thorough in how I think about this, for future security's sake. </p>
<p>I realize these are beginner's questions, but every time I start a small web project, I doubt myself when I start to scale it a little. Thanks so much! I may never have learned to love playing with Go had it not been for this community.</p>
<hr/>**Comments:**<br/><br/>cube2222: <pre><p>So to answer both of your questions:</p>
<ol>
<li><p>Basically, use the standard library whenever there isn't a sure reason not to. It's well thought through and very well written, you shouldn't have problems with it.</p></li>
<li><p>Well, the no user input part at all makes me think it could be enough to use text/template. However, for future security's sake better use the html/template library. Because when you scale you may not notice when you actually start accepting user input and forget to change to html/template.</p></li>
</ol>
<p>Good luck with your web app!</p></pre>plasticmacaroni: <pre><p>Thank you so much! You've given me peace of mind; I think PHP makes me distrust everything.</p></pre>dankcode: <pre><p>1) Yes, provided that you don't need more complicated route resolution patterns. The stdlib is fine but the routing paths are rather limited.
2) Html/template is preferred to text/template for html. The text/template lib has less functionality available to it out of the box.</p></pre>plasticmacaroni: <pre><p>Thank you! I had a lot of problems performing some of the logic behind adding elements to the page in the html/template package before, which obviously escapes things the text/template package doesn't. I'll give it another ...go... (heh heh)</p></pre>
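<p>The difference the thread discusses, as an added example that is not part of the original posts: the same template source rendered by text/template and by html/template, plus the html/template.HTML type for markup the server itself builds, which covers the tasks that escaping otherwise blocks. The template, the view struct, the function names and the sample values are constructed for illustration.</p>

```go
package main

import (
	"bytes"
	"fmt"
	htmltpl "html/template"
	texttpl "text/template"
)

// page is one template source fed to both engines (constructed sample).
const page = `<p title="{{.Name}}">{{.Name}}</p>{{.Badge}}`

type view struct {
	Name  string
	Badge any // string, or htmltpl.HTML for markup built by the server itself
}

// renderText uses text/template: every value is copied in byte-for-byte.
func renderText(name, badge string) (string, error) {
	var buf bytes.Buffer
	t, err := texttpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	err = t.Execute(&buf, view{Name: name, Badge: badge})
	return buf.String(), err
}

// renderHTML uses html/template: plain strings are escaped for their context.
// trustBadge wraps the badge in htmltpl.HTML (no escaping); never do that for input.
func renderHTML(name, badge string, trustBadge bool) (string, error) {
	var buf bytes.Buffer
	t, err := htmltpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	v := view{Name: name, Badge: badge}
	if trustBadge {
		v.Badge = htmltpl.HTML(badge)
	}
	err = t.Execute(&buf, v)
	return buf.String(), err
}

func main() {
	name, badge := "<b>Eve</b>", "<em>staff</em>" // constructed sample values
	fmt.Println(renderText(name, badge))
	fmt.Println(renderHTML(name, badge, false))
	fmt.Println(renderHTML(name, badge, true))
}
```

<p>Because the trust decision is carried by the Go type of the value rather than by the template, a string that later starts coming from a request stays escaped unless someone explicitly converts it to html/template.HTML.</p>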
Two questions: is the standard http router "enough" for a safe server, and templating security
agolangf · · 507 views. This is a shared resource; the information in it may have since evolved or changed.