From: Sean Liao <sean@liao.dev>
Date: Sat, 15 Mar 2025 00:14:14 +0000 (+0000)
Subject: html/template: document comment stripping
X-Git-Tag: go1.25rc1~690
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=57c44fdefc818f90b98fa1d5c0cd0fccdc35edf8;p=gostls13.git

html/template: document comment stripping

Fixes #28628

Change-Id: I8b68f55f25e62f747d7cc48a490fec7f426f53d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/658115
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---

diff --git a/src/html/template/doc.go b/src/html/template/doc.go
index 4d880738e6..38d58669de 100644
--- a/src/html/template/doc.go
+++ b/src/html/template/doc.go
@@ -28,6 +28,9 @@ HTML templates treat data values as plain text which should be encoded so they
 can be safely embedded in an HTML document. The escaping is contextual, so
 actions can appear within JavaScript, CSS, and URI contexts.
 
+Comments are stripped from output, except for those passed in via the
+[HTML], [CSS], and [JS] types for their respective contexts.
+
 The security model used by this package assumes that template authors are
 trusted, while Execute's data parameter is not. More details are
 provided below.