feat(server/m7-363): branding-aware index handler with html/template
This commit is contained in:
@@ -0,0 +1,32 @@
|
||||
package web
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"html/template"
|
||||
|
||||
"git.fabledsword.com/bvandeusen/minstrel/internal/config"
|
||||
)
|
||||
|
||||
// applyBrandingTemplate parses the given HTML source as an html/template,
|
||||
// substitutes the branding fields, and returns the rendered bytes. Used
|
||||
// by Handler at construction time so each request serves cached output
|
||||
// rather than re-rendering. The Vite build (T4) injects the {{ .AppName }}
|
||||
// and similar tokens into the head of build/index.html; in dev (vite dev)
|
||||
// no tokens are present and the template effectively returns the source
|
||||
// unchanged.
|
||||
//
|
||||
// html/template's context-aware escaping handles XSS for both the
|
||||
// HTML-attribute contexts (e.g. <meta content="...">) and the JS-string
|
||||
// context inside <script>window.__MINSTREL__ = { appName: "..." }</script>.
|
||||
func applyBrandingTemplate(htmlSrc string, branding config.BrandingConfig) ([]byte, error) {
|
||||
tpl, err := template.New("index").Parse(htmlSrc)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parse index template: %w", err)
|
||||
}
|
||||
var buf bytes.Buffer
|
||||
if err := tpl.Execute(&buf, branding); err != nil {
|
||||
return nil, fmt.Errorf("execute index template: %w", err)
|
||||
}
|
||||
return buf.Bytes(), nil
|
||||
}
|
||||
Reference in New Issue
Block a user