wiki-cafe/member-console
0
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Activity
Files
8065d4837aff
member-console/openspec/specs/safe-template-rendering/spec.md
Christian Galo 675a4d93a3 Buffer template rendering and fix FedWiki sync 
Introduce SafeTemplates.Render to execute templates into a buffer and
prevent partial HTML on errors. Replace direct ExecuteTemplate calls in
partial handlers and add a make lint-templates target to catch bypasses.
Update operator sites template/view model to use OwnerOrgName. Guard the
FedWiki sync by skipping inserts when DefaultWorkspaceID is empty and
scope deletes to the configured default workspace only.
2026-03-29 04:58:02 -05:00

1.8 KiB
Raw Blame History

safe-template-rendering

Purpose

Defines the pattern for safe template rendering in HTMX partial handlers to prevent truncated HTML from reaching clients.

Requirements

Requirement: Buffered template execution for HTMX partials

All HTMX partial handlers SHALL render templates into a buffer before writing to the HTTP response. If template execution fails, the handler SHALL return an error response (HTML error fragment) instead of partial/truncated HTML.

Scenario: Template executes successfully

  • WHEN an HTMX partial handler renders a template with valid data
  • THEN the full HTML output is written to the ResponseWriter with status 200

Scenario: Template execution fails due to missing field

  • WHEN a template references a field that does not exist on the data struct
  • THEN no partial HTML is written to the ResponseWriter
  • AND an error HTML fragment is returned to the client
  • AND the error is logged with template name and error details

Scenario: Template execution fails due to nil data

  • WHEN a template is executed with nil or invalid data
  • THEN no partial HTML is written to the ResponseWriter
  • AND an error HTML fragment is returned to the client

Requirement: Centralized template execution helper

The server package SHALL provide a shared helper function for buffered template execution. All HTMX partial handlers (operator, fedwiki, dashboard) SHALL use this helper instead of calling ExecuteTemplate directly on http.ResponseWriter.

Scenario: Helper function signature

  • WHEN a handler needs to render a template
  • THEN it calls the shared helper with the ResponseWriter, template set, template name, and data
  • AND the helper handles buffering, error detection, and error response rendering internally