Template Safety

Prevent XSS by default - and learn how to intentionally allow HTML.

Go’s html/template package automatically escapes content to prevent cross-site scripting (XSS).

If you need to intentionally render raw HTML, use template.HTML in your Go logic:

map[string]interface{}{
  "RawHTML": template.HTML("<strong>safe</strong>"),
}

Be very cautious with this: template.HTML marks the value as already-safe markup, so it is rendered without escaping. Only use it with trusted input.
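
The difference between default escaping and template.HTML, as an added example (not code from the original page). The template text, the helper names Render, Bold and RenderAll, and the sample input are assumptions constructed for illustration; Bold shows one way to keep the trusted part limited to markup you wrote yourself.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// Assumed template: a single action in HTML element-body context.
var page = template.Must(template.New("page").Parse(`<p>{{.RawHTML}}</p>`))

// Render executes the template with v bound to the "RawHTML" key.
func Render(v interface{}) string {
	var buf bytes.Buffer
	if err := page.Execute(&buf, map[string]interface{}{"RawHTML": v}); err != nil {
		return "render error: " + err.Error()
	}
	return buf.String()
}

// Bold wraps text in fixed, developer-written markup. Only the constant
// tags are trusted; the caller's text is HTML-escaped before it is wrapped.
func Bold(untrusted string) template.HTML {
	return template.HTML("<strong>" + template.HTMLEscapeString(untrusted) + "</strong>")
}

// RenderAll renders the same input three ways:
//   escaped: passed as a plain string (escaped by html/template)
//   raw:     converted directly to template.HTML (no escaping, unsafe for untrusted input)
//   wrapped: escaped first, then wrapped in trusted markup via Bold
func RenderAll(input string) (escaped, raw, wrapped string) {
	escaped = Render(input)
	raw = Render(template.HTML(input))
	wrapped = Render(Bold(input))
	return
}

func main() {
	// Constructed sample standing in for untrusted input.
	escaped, raw, wrapped := RenderAll("<script>alert(1)</script>")
	fmt.Printf("plain string:  %s\n", escaped)
	fmt.Printf("template.HTML: %s\n", raw)
	fmt.Printf("Bold():        %s\n", wrapped)
}
```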