package
0.1.0
Repository: https://github.com/google/safehtml.git
Documentation: pkg.go.dev

# Packages

Package uncheckedconversions provides functions to create values of safehtml/template types from plain strings.

# Functions

IsTrue reports whether the value is 'true', in the sense of not the zero of its type, and whether the value has a meaningful truth value.
MakeTrustedTemplate constructs a TrustedTemplate with its underlying tmpl set to the given tmpl, which must be an untyped string constant.
Must is a helper that wraps a call to a function returning (*Template, error) and panics if the error is non-nil.
MustParseAndExecuteToHTML is a helper that returns the safehtml.HTML value produced by parsing text as a template body and executing it with no data.
New allocates a new HTML template with the given name.
ParseFiles creates a new Template and parses the template definitions from the named files.
ParseFilesFromTrustedSources creates a new Template and parses the template definitions from the named files.
ParseFS is like ParseFiles or ParseGlob but reads from the TrustedFS instead of the host operating system's file system.
ParseGlob creates a new Template and parses the template definitions from the files identified by the pattern, which must match at least one file.
ParseGlobFromTrustedSource creates a new Template and parses the template definitions from the files identified by the pattern, which must match at least one file.
TrustedFSFromEmbed constructs a TrustedFS from an embed.FS.
TrustedFSFromTrustedSource constructs a TrustedFS from the string in the TrustedSource, which should refer to a directory.
TrustedSourceFromConstant constructs a TrustedSource with its underlying src set to the given src, which must be an untyped string constant.
TrustedSourceFromConstantDir constructs a TrustedSource calling path/filepath.Join on an application-controlled directory path, which must be an untyped string constant, a TrustedSource, and a dynamic filename.
TrustedSourceFromEnvVar is a wrapper around os.Getenv that returns a TrustedSource containing the value of the environment variable named by the key.
TrustedSourceFromFlag returns a TrustedSource containing the string representation of the retrieved value of the flag.
TrustedSourceJoin is a wrapper around path/filepath.Join that returns a TrustedSource formed by joining the given path elements into a single path, adding an OS-specific path separator if necessary.

# Constants

ErrAmbigContext: "..
ErrBadHTML: "expected space, attr name, or end of tag, but got ...", "..
ErrBranchEnd: "{{if}} branches end in different contexts" Example: `{{if .C}}<a href="{{end}}{{.X}}` Discussion: Package html/template statically examines each path through an {{if}}, {{range}}, or {{with}} to escape any following pipelines.
ErrCSPCompatibility: `"javascript:" URI disallowed for CSP compatibility`, "inline event handler ..
ErrEndContext: "..
ErrEscapeAction: "cannot escape action ..." Discussion: Error returned while escaping an action using EscaperForContext.
ErrNoSuchTemplate: "no such template ..." Examples: `{{define "main"}}<div {{template "attrs"}}>{{end}} {{define "attrs"}}href="{{.URL}}"{{end}}` Discussion: Package html/template looks through template calls to compute the context.
ErrOutputContext: "cannot compute output context for template ..." Examples: `{{define "t"}}{{if .T}}{{template "t" .T}}{{end}}{{.H}}",{{end}}` Discussion: A recursive template does not end in the same context in which it starts, and a reliable output context cannot be computed.
ErrPartialCharset: "unfinished JS regexp charset in ..." Example: `<script>var pattern = /foo[{{.Chars}}]/</script>` Discussion: Package html/template does not support interpolation into regular expression literal character sets.
ErrPartialEscape: "unfinished escape sequence in ..." Example: `<script>alert("\{{.X}}")</script>` Discussion: Package html/template does not support actions following a backslash.
ErrPredefinedEscaper: "predefined escaper ..
ErrRangeLoopReentry: "on range loop re-entry: ..." Example: `<script>var x = [{{range .}}'{{.}},{{end}}]</script>` Discussion: If an iteration through a range would cause it to end in a different context than an earlier pass, there is no single context.
ErrSlashAmbig: '/' could start a division or regexp.
All JS templates inside script literals have to be balanced; otherwise a concatenation such as ``<script>alert(`x{{.data}}`</script>`` can contain XSS if data contains user-controlled escaped strings (e.g.
OK indicates the lack of an error.

# Structs

Error describes a problem encountered during template Escaping.
Template is a specialized Template from "text/template" that produces a safe HTML document fragment.
A TrustedFS is an immutable type referencing a filesystem (fs.FS) under application control.
A TrustedSource is an immutable string-like type referencing trusted template files under application control.
A TrustedTemplate is an immutable string-like type containing a safehtml/template template body.

# Type aliases

ErrorCode is a code for a kind of error.
FuncMap is the type of the map defining the mapping from names to functions.