Open emehrkay opened 2 weeks ago
I think it would be standard form for that to be an extra function that ends with f such as URLf. I believe that this standard is used by editors to highlight the format string differently.
I like the idea of having a url format / builder function.
If it was the signature of Sprintf, e.g.: urlf.Sprintf("/path/%s/fileName.js?%s=%v", "pathvar/", "qkey?", "&other=true") there's a few dangers to consider... Because of the context of the variable substitution, there's a risk of injection attacks, so the values would need to be appropriately escaped:
/ etc. is encoded.
?, = etc. are properly encoded.
There's also the question of what happens if you do something like:
urlf.Sprintf("?%s", "data")
It could live in github.com/a-h/templ/urlf to avoid the name oddity of templ.URLf or similar, but I don't mind templ.URL
I wonder if a builder style is better, since it turns issues with sprintf replacement into compile time issues:
urlbuilder.Build().Path("a").Path("b").Path(c).Query(key, value)
There could be an unsafe counterpart too, urlf.UnsafeSprintf.
Go from:
To:
This would be a backwards compatible change and would save some function nesting in templ funcs
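An added example (not code from this thread or from templ) of the builder style discussed above: a hypothetical Builder type on top of net/url escapes each path segment with url.PathEscape and each query pair with url.Values.Encode, next to the plain fmt.Sprintf call with the values quoted in the comment.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Builder is a hypothetical context-aware URL builder, not templ's API.
type Builder struct {
	segments []string
	query    url.Values
}

func Build() *Builder { return &Builder{query: url.Values{}} }

// Path appends one segment; "/", "?" and "#" inside it are percent-encoded,
// so a value can never add or remove path levels or start the query string.
func (b *Builder) Path(seg string) *Builder {
	b.segments = append(b.segments, url.PathEscape(seg))
	return b
}

// Query adds one key/value pair; "?", "&" and "=" are encoded on output.
func (b *Builder) Query(key, value string) *Builder {
	b.query.Add(key, value)
	return b
}

func (b *Builder) String() string {
	s := "/" + strings.Join(b.segments, "/")
	if len(b.query) > 0 {
		s += "?" + b.query.Encode()
	}
	return s
}

// NaiveSprintf substitutes the values with no escaping at all.
func NaiveSprintf() string {
	return fmt.Sprintf("/path/%s/fileName.js?%s=%v", "pathvar/", "qkey?", "&other=true")
}

// Escaped builds the same URL with per-context escaping.
func Escaped() string {
	return Build().Path("path").Path("pathvar/").Path("fileName.js").
		Query("qkey?", "&other=true").String()
}

func main() {
	fmt.Println(NaiveSprintf()) // value text becomes an extra "other" parameter
	fmt.Println(Escaped())      // value text stays inside its own field
}
```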