package web import ( "bytes" "fmt" "html/template" "git.fabledsword.com/bvandeusen/minstrel/internal/config" ) // applyBrandingTemplate parses the given HTML source as an html/template, // substitutes the branding fields, and returns the rendered bytes. Used // by Handler at construction time so each request serves cached output // rather than re-rendering. The Vite build (T4) injects the {{ .AppName }} // and similar tokens into the head of build/index.html; in dev (vite dev) // no tokens are present and the template effectively returns the source // unchanged. // // html/template's context-aware escaping handles XSS for both the // HTML-attribute contexts (e.g. ) and the JS-string // context inside . func applyBrandingTemplate(htmlSrc string, branding config.BrandingConfig) ([]byte, error) { tpl, err := template.New("index").Parse(htmlSrc) if err != nil { return nil, fmt.Errorf("parse index template: %w", err) } var buf bytes.Buffer if err := tpl.Execute(&buf, branding); err != nil { return nil, fmt.Errorf("execute index template: %w", err) } return buf.Bytes(), nil }