Incorrect inline-style about amber HOT 3 CLOSED

It seems that the ZgotmplZ is returned by go html/template to indicate the content is unsafe.
But why is color:black; background:write unsafe in style?

from amber.

I don't know. However:

This exposes the fact that amber's handling of parts of the amber template is at odds with package html/template's security approach, treating templates as trusted and data as untrusted. Amber injects parts of the amber templates as data into templates of type html/template, subjecting what should be trusted (Amber) templates to treatment intended to protect from malicious injections. This is presumably responsible for many issues, including this one.

from amber.

Just for the record, I do have a workaround. I'm sure that others already have found & used this workaround, but I figure I could just post it here for posterity until it gets fixed (if it needs to be fixed...this seems to work pretty well for me):

Since amber compiles to html/template, something of type template.CSS can be returned and used in the style attribute. Here is an example from my latest project:

import (
    "fmt"
    "html/template"
)

type tagData struct {
    Tag   string
    Size  float64
}

func (t tagData) Style() template.CSS {
    return template.CSS(fmt.Sprintf("font-size: %.2fem;", t.Size))
}

This object is passed in to my template as Tag:

...
a[href="/posts/tag/" + Tag.Tag"][style=Tag.Style] #{Tag.Tag}
...

And is rendered as (for data {"MyTag",0.7}:

<a href="/posts/tag/MyTag" style="font-size: 0.70em;">MyTag</a>

from amber.