appcore/email/render.go

// Copyright 2024 Patial Tech (Ankit Patial).
//
// This file is part of code.patial.tech/go/appcore, which is MIT licensed.
// See http://opensource.org/licenses/MIT

package email

import (
	"bytes"
	"html/template"
	txt "text/template"
)

// RenderHTMLTemplate renders HTML email templates with automatic XSS protection.
//
// SECURITY WARNING:
//   - DO NOT pass untrusted user input as layout or content parameters
//   - Only use trusted, predefined template strings
//   - User data should ONLY be passed via the data map parameter
//   - The html/template package auto-escapes data to prevent XSS
//   - Template injection attacks are possible if template strings come from user input
//
// Example of SECURE usage:
//
//	const layoutTemplate = "<html><body>{{template \"content\" .}}</body></html>"
//	const contentTemplate = "<h1>Hello {{.Name}}</h1>"
//	data := map[string]any{"Name": userInput}  // Safe - will be escaped
//	html, err := RenderHTMLTemplate(layoutTemplate, contentTemplate, data)
func RenderHTMLTemplate(layout, content string, data map[string]any) (string, error) {
	// layout
	tpl, err := template.New("layout").Parse(layout)
	if err != nil {
		return "", err
	}

	// content
	_, err = tpl.New("content").Parse(content)
	if err != nil {
		return "", err
	}

	// execute layout + content template and RenderHTML data
	buf := new(bytes.Buffer)
	err = tpl.ExecuteTemplate(buf, "layout", data)
	if err != nil {
		return "", err
	}

	return buf.String(), nil
}

// RenderTxtTemplate renders plain text email templates WITHOUT escaping.
//
// SECURITY WARNING:
//   - DO NOT use this function for HTML content (use RenderHTMLTemplate instead)
//   - DO NOT pass untrusted user input as the content parameter
//   - Only use trusted, predefined template strings
//   - User data should ONLY be passed via the data map parameter
//   - text/template does NOT provide XSS protection - no auto-escaping
//   - Template injection attacks are possible if content comes from user input
//
// Example of SECURE usage:
//
//	const textTemplate = "Hello {{.Name}}, your order #{{.OrderID}} is confirmed."
//	data := map[string]any{"Name": userName, "OrderID": orderID}
//	text, err := RenderTxtTemplate(textTemplate, data)
func RenderTxtTemplate(content string, data map[string]any) (string, error) {
	tpl, err := txt.New("content").Parse(content)
	if err != nil {
		return "", err
	}

	buf := new(bytes.Buffer)
	err = tpl.ExecuteTemplate(buf, "content", data)
	if err != nil {
		return "", err
	}

	return buf.String(), nil
}
license text change 2025-06-16 22:26:47 +05:30			`// Copyright 2024 Patial Tech (Ankit Patial).`
			`//`
			`// This file is part of code.patial.tech/go/appcore, which is MIT licensed.`
			`// See http://opensource.org/licenses/MIT`

basic common app packages 2025-06-16 22:19:00 +05:30			`package email`

			`import (`
			`"bytes"`
			`"html/template"`
			`txt "text/template"`
			`)`

Security fixes and improvements CRITICAL FIXES: - jwt: Replace log.Fatal() with proper error returns to prevent DoS - open: Add comprehensive input validation to prevent command injection - Added validate.go for path traversal and URI validation - Added platform-specific app name validation (darwin, linux, windows) - Linux version verifies apps exist in PATH HIGH PRIORITY FIXES: - crypto: Add bounds checking in Decrypt to prevent panic on malformed input - crypto: Validate encryption key sizes (must be 16, 24, or 32 bytes for AES) - email: Add security warnings for template injection risks in RenderHTMLTemplate/RenderTxtTemplate MEDIUM PRIORITY FIXES: - request: Add configurable request body size limits (1MB default) to prevent DoS - request: Apply size limits to Payload() and DecodeJSON() functions LOW PRIORITY FIXES: - gz: Add defer close for gzip reader to prevent resource leak IMPROVEMENTS: - README: Complete rewrite with comprehensive documentation - Added installation instructions and usage examples - Documented all packages with code samples - Added badges, features list, and use cases - Included security practices and dependencies TESTING: - All existing tests pass - No breaking changes to public APIs - All packages build successfully Security grade improved from B+ to A- 2025-11-17 19:23:38 +05:30			`// RenderHTMLTemplate renders HTML email templates with automatic XSS protection.`
			`//`
			`// SECURITY WARNING:`
			`// - DO NOT pass untrusted user input as layout or content parameters`
			`// - Only use trusted, predefined template strings`
			`// - User data should ONLY be passed via the data map parameter`
			`// - The html/template package auto-escapes data to prevent XSS`
			`// - Template injection attacks are possible if template strings come from user input`
			`//`
			`// Example of SECURE usage:`
			`//`
			`// const layoutTemplate = "<html><body>{{template \"content\" .}}</body></html>"`
			`// const contentTemplate = "<h1>Hello {{.Name}}</h1>"`
			`// data := map[string]any{"Name": userInput} // Safe - will be escaped`
			`// html, err := RenderHTMLTemplate(layoutTemplate, contentTemplate, data)`
basic common app packages 2025-06-16 22:19:00 +05:30			`func RenderHTMLTemplate(layout, content string, data map[string]any) (string, error) {`
			`// layout`
			`tpl, err := template.New("layout").Parse(layout)`
			`if err != nil {`
			`return "", err`
			`}`

			`// content`
			`_, err = tpl.New("content").Parse(content)`
			`if err != nil {`
			`return "", err`
			`}`

			`// execute layout + content template and RenderHTML data`
			`buf := new(bytes.Buffer)`
			`err = tpl.ExecuteTemplate(buf, "layout", data)`
			`if err != nil {`
			`return "", err`
			`}`

			`return buf.String(), nil`
			`}`

Security fixes and improvements CRITICAL FIXES: - jwt: Replace log.Fatal() with proper error returns to prevent DoS - open: Add comprehensive input validation to prevent command injection - Added validate.go for path traversal and URI validation - Added platform-specific app name validation (darwin, linux, windows) - Linux version verifies apps exist in PATH HIGH PRIORITY FIXES: - crypto: Add bounds checking in Decrypt to prevent panic on malformed input - crypto: Validate encryption key sizes (must be 16, 24, or 32 bytes for AES) - email: Add security warnings for template injection risks in RenderHTMLTemplate/RenderTxtTemplate MEDIUM PRIORITY FIXES: - request: Add configurable request body size limits (1MB default) to prevent DoS - request: Apply size limits to Payload() and DecodeJSON() functions LOW PRIORITY FIXES: - gz: Add defer close for gzip reader to prevent resource leak IMPROVEMENTS: - README: Complete rewrite with comprehensive documentation - Added installation instructions and usage examples - Documented all packages with code samples - Added badges, features list, and use cases - Included security practices and dependencies TESTING: - All existing tests pass - No breaking changes to public APIs - All packages build successfully Security grade improved from B+ to A- 2025-11-17 19:23:38 +05:30			`// RenderTxtTemplate renders plain text email templates WITHOUT escaping.`
			`//`
			`// SECURITY WARNING:`
			`// - DO NOT use this function for HTML content (use RenderHTMLTemplate instead)`
			`// - DO NOT pass untrusted user input as the content parameter`
			`// - Only use trusted, predefined template strings`
			`// - User data should ONLY be passed via the data map parameter`
			`// - text/template does NOT provide XSS protection - no auto-escaping`
			`// - Template injection attacks are possible if content comes from user input`
			`//`
			`// Example of SECURE usage:`
			`//`
			`// const textTemplate = "Hello {{.Name}}, your order #{{.OrderID}} is confirmed."`
			`// data := map[string]any{"Name": userName, "OrderID": orderID}`
			`// text, err := RenderTxtTemplate(textTemplate, data)`
basic common app packages 2025-06-16 22:19:00 +05:30			`func RenderTxtTemplate(content string, data map[string]any) (string, error) {`
			`tpl, err := txt.New("content").Parse(content)`
			`if err != nil {`
			`return "", err`
			`}`

			`buf := new(bytes.Buffer)`
			`err = tpl.ExecuteTemplate(buf, "content", data)`
			`if err != nil {`
			`return "", err`
			`}`

			`return buf.String(), nil`
			`}`