33 lines
1.2 KiB
Go
33 lines
1.2 KiB
Go
package web
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"html/template"
|
|
|
|
"git.fabledsword.com/bvandeusen/minstrel/internal/config"
|
|
)
|
|
|
|
// applyBrandingTemplate parses the given HTML source as an html/template,
|
|
// substitutes the branding fields, and returns the rendered bytes. Used
|
|
// by Handler at construction time so each request serves cached output
|
|
// rather than re-rendering. The Vite build (T4) injects the {{ .AppName }}
|
|
// and similar tokens into the head of build/index.html; in dev (vite dev)
|
|
// no tokens are present and the template effectively returns the source
|
|
// unchanged.
|
|
//
|
|
// html/template's context-aware escaping handles XSS for both the
|
|
// HTML-attribute contexts (e.g. <meta content="...">) and the JS-string
|
|
// context inside <script>window.__MINSTREL__ = { appName: "..." }</script>.
|
|
func applyBrandingTemplate(htmlSrc string, branding config.BrandingConfig) ([]byte, error) {
|
|
tpl, err := template.New("index").Parse(htmlSrc)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("parse index template: %w", err)
|
|
}
|
|
var buf bytes.Buffer
|
|
if err := tpl.Execute(&buf, branding); err != nil {
|
|
return nil, fmt.Errorf("execute index template: %w", err)
|
|
}
|
|
return buf.Bytes(), nil
|
|
}
|