package main
import (
	"fmt"
	"html/template"
	"log"
	"net/http"
	"strconv"
	"time"
)
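// main registers the two handlers and serves them on :8888.
//
// The server is constructed explicitly so that header/read/write/idle
// timeouts are set: the plain http.ListenAndServe has none, which lets a
// slow client hold a connection (and a goroutine) open indefinitely.
// A failure to listen is still fatal, as before.
func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", index)
	mux.HandleFunc("/login", login)

	srv := &http.Server{
		Addr:              ":8888",
		Handler:           mux,
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      10 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	if err := srv.ListenAndServe(); err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}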
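// index serves the login form (login.gtpl) to GET requests.
//
// Any other method is answered with 405 and an Allow header. A malformed
// query string yields 400. The template is parsed on every request, as in
// the original; if parsing fails the handler now reports 500 instead of
// calling Execute on a nil *template.Template (which panicked).
func index(response http.ResponseWriter, request *http.Request) {
	if request.Method != http.MethodGet {
		response.Header().Set("Allow", http.MethodGet)
		http.Error(response, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if err := request.ParseForm(); err != nil {
		http.Error(response, "bad request", http.StatusBadRequest)
		return
	}
	t, err := template.ParseFiles("login.gtpl")
	if err != nil {
		// Log the detail server-side; the client only sees a generic 500.
		log.Printf("index: parsing login.gtpl: %v", err)
		http.Error(response, "internal server error", http.StatusInternalServerError)
		return
	}
	// The form needs no data; nil is what the original effectively passed.
	if err := t.Execute(response, nil); err != nil {
		log.Printf("index: executing login.gtpl: %v", err)
	}
}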
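// login validates the submitted form and writes an HTML-escaped demo string.
//
// Only POST is accepted; anything else gets 405 with an Allow header.
// Validation failures are answered with 400. The original called log.Fatal
// on an empty username or a bad age, which exits the whole process: any
// client could take the server down with one malformed request.
//
// Fields read: username (required), age (integer, 1..99), sex, hobbies.
// Note: Form.Get also sees URL query parameters; use request.PostForm if the
// values must come from the request body only.
func login(response http.ResponseWriter, request *http.Request) {
	if request.Method != http.MethodPost {
		response.Header().Set("Allow", http.MethodPost)
		http.Error(response, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if err := request.ParseForm(); err != nil {
		http.Error(response, "bad request", http.StatusBadRequest)
		return
	}

	username := request.Form.Get("username")
	if len(username) == 0 {
		http.Error(response, "用户名不能为空", http.StatusBadRequest)
		return
	}
	// HTMLEscapeString makes the value safe to embed in HTML text (e.g.
	// "<script>alert()</script>" becomes "&lt;script&gt;alert()&lt;/script&gt;").
	// Escaping belongs at the point of output; here it is only printed.
	// It does not neutralise newlines, so prefer %q if this goes to a log.
	fmt.Println(template.HTMLEscapeString(username))

	age, err := strconv.Atoi(request.Form.Get("age"))
	if err != nil || age <= 0 || age >= 100 {
		http.Error(response, "年龄必须为数字", http.StatusBadRequest)
		return
	}
	fmt.Println(request.Form["hobbies"])
	fmt.Println(request.Form.Get("sex"))

	// Demo of output escaping: the literal is written to the page escaped.
	template.HTMLEscape(response, []byte("<script>alert()</script>"))
}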
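<!DOCTYPE html>
<html lang="zh-CN">
<head>
<!-- The page contains Chinese labels; declare the encoding explicitly rather
     than relying on the server's Content-Type header. -->
<meta charset="utf-8">
<title>登录</title>
</head>
<body>
<!-- Posted to the /login handler. No CSRF token is included: add one and
     verify it server-side before using this form outside a demo. -->
<form action="/login" method="post">
用户名:<input type="text" name="username"><br />
<!-- min/max mirror the server-side check (1..99); they are a UX hint only,
     the server still validates. -->
年龄:<input type="number" name="age" min="1" max="99"><br />
性别:<input type="radio" name="sex" value="0">男<input type="radio" name="sex" value="1">女
爱好:<input type="checkbox" name="hobbies" value="basketball">篮球<input type="checkbox" name="hobbies" value="badminton">羽毛球
<input type="submit" value="登录">
</form>
</body>
</html>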