I have a GO web application that is using the HTML templating feature. I am attempting to encrypt the user's password before it is submitted in a form. The steps to accomplish this are:
However as the listed steps are being executed the expected output is incorrect. Instead of encrypting the value of the input, it encrypts the variable name as shown below.
username: mass
encrypted: ABZT7a7K+l7uMu2ZMq/K8ucyJKwdq0TVTmKlShBLo40iPeA3U2Pm9oTCCw==
decrypted: ' + raw_val + '
So how do I get the JavaScript value passed into the encrypt function as opposed to the variable name being passed in? I am not very familiar with JavaScript, so either I am concatenating the strings incorrectly or I could be trying the impossible but I am not aware.
Below is the HTML source code I have in the template.
<!DOCTYPE html>
<html>
<head></head>
<title>Buy Bot</title>
<body>
<form name="login" action="/login" method="POST" onsubmit="encrypt()">
<div>
<label for="username">username:</label>
<input id="username" type="text" name="username" placeholder={{.KycInfo}} required>
<div>
</br>
<div>
<label for="password">password:</label>
<input id="password" type="password" name="password" placeholder="password" required>
</div>
</br>
<div>
remember me <input id="rememberme" type="checkbox" name="rememberme">
</div>
</br>
<div>
<input type="submit" value="login">
</div>
</form>
</body>
</html>
<script
type="text/javascript">
function encrypt(){
var raw_val = document.getElementById("password").value
console.log("password: ",raw_val)
let encrypted = '{{.Encrypt "' + raw_val + '"}}'
console.log("encrypted: ",encrypted)
document.login.password.value = encrypted;
return true;
}
</script>
You can't pass a JavaScript variable value to a Go function using a template (the template will be already generated on the client when assigning a value to the JavaScript variable).
In a login form, you usually send the raw password value and encrypt/hash it server-side. You should already be securely sending the password by using SSL.