Add safeUrl; disable safeHtmlAttr; rename safeCSS to safeCss

- Add `safeUrl` template function (Fixes #347)
- Add TestSafeUrl() fashioned after @tatsushid great examples
- Disable `safeHtmlAttr` pending further discussions on its other
  use cases because `safeUrl` is a cleaner solution to #347.
  (There are also `safeJs` and `safeJsStr` that we could implement
  if there are legitimate demands for them.)
- Rename `safeCSS` to `safeCss` (to follow the convention of `safeHtml`)
- Add/expand documentation on `safeHtml`, `safeCss` and `safeUrl`

tpl/template.go

@@ -910,14 +910,20 @@ func SafeHtml(text string) template.HTML {
 	return template.HTML(text)
 }
 
+// "safeHtmlAttr" is currently disabled, pending further discussion
+// on its use case.  2015-01-19
 func SafeHtmlAttr(text string) template.HTMLAttr {
 	return template.HTMLAttr(text)
 }
 
-func SafeCSS(text string) template.CSS {
+func SafeCss(text string) template.CSS {
 	return template.CSS(text)
 }
 
+func SafeUrl(text string) template.URL {
+	return template.URL(text)
+}
+
 func doArithmetic(a, b interface{}, op rune) (interface{}, error) {
 	av := reflect.ValueOf(a)
 	bv := reflect.ValueOf(b)
@@ -1251,8 +1257,8 @@ func init() {
 		"isset":        IsSet,
 		"echoParam":    ReturnWhenSet,
 		"safeHtml":     SafeHtml,
-		"safeHtmlAttr": SafeHtmlAttr,
-		"safeCSS":      SafeCSS,
+		"safeCss":      SafeCss,
+		"safeUrl":      SafeUrl,
 		"markdownify":  Markdownify,
 		"first":        First,
 		"where":        Where,

tpl/template_test.go

@@ -898,7 +898,7 @@ func TestSafeHtmlAttr(t *testing.T) {
 	}
 }
 
-func TestSafeCSS(t *testing.T) {
+func TestSafeCss(t *testing.T) {
 	for i, this := range []struct {
 		str                 string
 		tmplStr             string
@@ -910,6 +910,7 @@ func TestSafeCSS(t *testing.T) {
 		tmpl, err := template.New("test").Parse(this.tmplStr)
 		if err != nil {
 			t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
+			continue
 		}
 
 		buf := new(bytes.Buffer)
@@ -922,12 +923,47 @@ func TestSafeCSS(t *testing.T) {
 		}
 
 		buf.Reset()
-		err = tmpl.Execute(buf, SafeCSS(this.str))
+		err = tmpl.Execute(buf, SafeCss(this.str))
 		if err != nil {
-			t.Errorf("[%d] execute template with an escaped string value by SafeCSS returns unexpected error: %s", i, err)
+			t.Errorf("[%d] execute template with an escaped string value by SafeCss returns unexpected error: %s", i, err)
 		}
 		if buf.String() != this.expectWithEscape {
-			t.Errorf("[%d] execute template with an escaped string value by SafeCSS, got %v but expected %v", i, buf.String(), this.expectWithEscape)
+			t.Errorf("[%d] execute template with an escaped string value by SafeCss, got %v but expected %v", i, buf.String(), this.expectWithEscape)
+		}
+	}
+}
+
+func TestSafeUrl(t *testing.T) {
+	for i, this := range []struct {
+		str                 string
+		tmplStr             string
+		expectWithoutEscape string
+		expectWithEscape    string
+	}{
+		{`irc://irc.freenode.net/#golang`, `<a href="{{ . }}">IRC</a>`, `<a href="#ZgotmplZ">IRC</a>`, `<a href="irc://irc.freenode.net/#golang">IRC</a>`},
+	} {
+		tmpl, err := template.New("test").Parse(this.tmplStr)
+		if err != nil {
+			t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
+			continue
+		}
+
+		buf := new(bytes.Buffer)
+		err = tmpl.Execute(buf, this.str)
+		if err != nil {
+			t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
+		}
+		if buf.String() != this.expectWithoutEscape {
+			t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
+		}
+
+		buf.Reset()
+		err = tmpl.Execute(buf, SafeUrl(this.str))
+		if err != nil {
+			t.Errorf("[%d] execute template with an escaped string value by SafeUrl returns unexpected error: %s", i, err)
+		}
+		if buf.String() != this.expectWithEscape {
+			t.Errorf("[%d] execute template with an escaped string value by SafeUrl, got %v but expected %v", i, buf.String(), this.expectWithEscape)
 		}
 	}
 }