周威学Go从入门到放弃第十二篇（表单数据获取，表单校验，跨站脚本攻击）

package main

import (
	"fmt"
	"html/template"
	"log"
	"net/http"
	"strconv"
)

func main() {
	http.HandleFunc("/", index)
	http.HandleFunc("/login", login)
	err := http.ListenAndServe(":8888", nil)
	if err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}

func index(response http.ResponseWriter, request *http.Request) {
	request.ParseForm()
	if request.Method == "GET" {
		t, err := template.ParseFiles("login.gtpl")
		log.Println(t.Execute(response, err))
	}
}

func login(response http.ResponseWriter, request *http.Request) {
	if request.Method == "POST" {
		//表单数据解析
		request.ParseForm()
		//获取表单数据，并做判断
		if username := request.Form.Get("username"); len(username) == 0 {
			log.Fatal("用户名不能为空")
		} else {
			//脚本转换 防止攻击 输入：<script>alert()</script>  打印的是：&lt;script&gt;alert()&lt;/script&gt;
			username = template.HTMLEscapeString(username)
			fmt.Println(username)
		}
		if age, err := strconv.Atoi(request.Form.Get("age")); err != nil || age <= 0 || age >= 100 {
			log.Fatal("年龄必须为数字")
		}
		fmt.Println(request.Form["hobbies"])
		fmt.Println(request.Form.Get("sex"))
		//返回数据给页面
		template.HTMLEscape(response, []byte("<script>alert()</script>"))
	}
}

<html>
<head>
<title></title>
</head>
<body>
<form action="/login" method="post">
	用户名:<input type="text" name="username"><br />
	年龄：<input type="text" name="age"><br />
	性别：<input type="radio" name="sex" value="0">男<input type="radio" name="sex" value="1">女
	爱好：<input type="checkbox" name="hobbies" value="basketball">篮球<input type="checkbox" name="hobbies" value="badminton">羽毛球
	<input type="submit" value="登录">
</form>
</body>
</html>