From: Roland Shoemaker Date: Wed, 4 Oct 2023 13:18:08 +0000 (-0700) Subject: html/template: only track brace depth when we are in a JS tmpl lit X-Git-Tag: go1.22rc1~679 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=26d07d80ca0093f87f37a02600eb1715ca0431a1;p=gostls13.git html/template: only track brace depth when we are in a JS tmpl lit The change that keeps on giving. Only track brace depth in tJS if we are already inside of a template literal. If we start tracking depth outside of nested literals it can cause the parser to think we're still in a JS context when we've actually closed the string interp. I believe this _mostly_ captures the expected parsing, but since the JS parser does not implement proper lexical goal symbols, it may not be entirely accurate. At some point in the future we may be able to significantly reduce the complexity of this implementation by implementing a lexical parser that more closely follows the ECMAScript specification, and structuring escaping rules based on which symbol an action appears in. This would also allow us to catch errors, which we currently cannot reasonable do (although perhaps this is beyond the scope of what html/template _should_ be doing). Updates #61619 Change-Id: I56e1dbc0d0705ef8fb7a5454ebe2421d4e162ef6 Reviewed-on: https://go-review.googlesource.com/c/go/+/532595 LUCI-TryBot-Result: Go LUCI Reviewed-by: Damien Neil --- diff --git a/src/html/template/escape_test.go b/src/html/template/escape_test.go index 9e2f4fe922..91fbfb9a3c 100644 --- a/src/html/template/escape_test.go +++ b/src/html/template/escape_test.go @@ -1163,26 +1163,6 @@ func TestErrors(t *testing.T) { // html is allowed since it is the last command in the pipeline, but urlquery is not. `predefined escaper "urlquery" disallowed in template`, }, - // { - // "", - // `{{.}} appears in a JS template literal`, - // }, - // { - // "", - // `{{.V}} appears in a JS template literal`, - // }, - // { - // "", - // `{{.}} appears in a JS template literal`, - // }, - // { - // "", - // `{{.}} appears in a JS template literal`, - // }, - // { - // "", - // `{{.}} appears in a JS template literal`, - // }, } for _, test := range tests { buf := new(bytes.Buffer) @@ -1800,6 +1780,30 @@ func TestEscapeText(t *testing.T) { "