From 379bd3ad0054f9023ca231837a7df5c4f915c5d6 Mon Sep 17 00:00:00 2001 From: Brandon Dyck Date: Sun, 24 Mar 2019 21:00:36 -0600 Subject: [PATCH] Warn about text sanitization --- hatmill.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hatmill.go b/hatmill.go index d011212..48b5afb 100644 --- a/hatmill.go +++ b/hatmill.go @@ -57,6 +57,8 @@ func (EmptyElement) isHtml() {} // WriteTo writes the HTML markup represented by e to w, returning the number // of bytes written and any error encountered. +// +// See the warning about sanitization in the (Attrib).WriteTo documentation. func (e EmptyElement) WriteTo(w io.Writer) (n int64, err error) { err = writeStringsTo(w, &n, "<", e.TagName) if err != nil { @@ -91,6 +93,8 @@ func (e ParentElement) isHtml() {} // WriteTo writes the HTML markup represented by e to w, returning the number // of bytes written and any error encountered. +// +// See the warning about sanitization in the (Attrib).WriteTo documentation. func (e ParentElement) WriteTo(w io.Writer) (n int64, err error) { n, err = e.EmptyElement.WriteTo(w) if err != nil { @@ -116,7 +120,8 @@ type Text string func (Text) isHtml() {} // WriteTo writes the contents of t to w, returning the number of bytes written -// and any error encountered. +// and any error encountered. It does not replace special characters with HTML +// entities; use html.EscapeString for this purpose. func (t Text) WriteTo(w io.Writer) (n int64, err error) { err = writeStringsTo(w, &n, string(t)) return