From: Mike Samuel Date: Tue, 20 Sep 2011 02:52:31 +0000 (-0700) Subject: exp/template/html: allow commenting out of actions X-Git-Tag: weekly.2011-09-21~23 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=8bc5ef6cd7627eb6fe41e4f60cb33221d681927d;p=gostls13.git exp/template/html: allow commenting out of actions Instead of erroring on actions inside comments, use existing escaping pipeline to quash the output of actions inside comments. If a template maintainer uses a comment to disable template code: {{if .}}Hello, {{.}}!{{end}} -> will result in regardless of the value of {{.}}. In a later CL, comment elision will result in the entire commented-out section being dropped from the template output. Any side-effects in pipelines, such as panics, will still be realized. R=nigeltao CC=golang-dev https://golang.org/cl/5078041 --- diff --git a/src/pkg/exp/template/html/error.go b/src/pkg/exp/template/html/error.go index 5fa2357433..f06251d604 100644 --- a/src/pkg/exp/template/html/error.go +++ b/src/pkg/exp/template/html/error.go @@ -100,19 +100,6 @@ const ( // produce a valid JavaScript Program. ErrEndContext - // ErrInsideComment: "... appears inside a comment" - // Example: - // - // - // - // - // Discussion: - // {{.X}} appears inside a comment. There is no escaping convention for - // comments. To use IE conditional comments, inject the whole comment - // as an HTML, JS, or CSS value (see content.go). - // To comment out code, break the {{...}}. - ErrInsideComment - // ErrNoNames: "must specify names of top level templates" // // EscapeSet does not assume that all templates in a set produce HTML. diff --git a/src/pkg/exp/template/html/escape.go b/src/pkg/exp/template/html/escape.go index e307fc9ae4..b859751140 100644 --- a/src/pkg/exp/template/html/escape.go +++ b/src/pkg/exp/template/html/escape.go @@ -64,6 +64,7 @@ func EscapeSet(s *template.Set, names ...string) (*template.Set, os.Error) { // funcMap maps command names to functions that render their inputs safe. var funcMap = template.FuncMap{ "exp_template_html_attrescaper": attrEscaper, + "exp_template_html_commentescaper": commentEscaper, "exp_template_html_cssescaper": cssEscaper, "exp_template_html_cssvaluefilter": cssValueFilter, "exp_template_html_htmlnamefilter": htmlNameFilter, @@ -200,12 +201,10 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context { s = append(s, "exp_template_html_htmlnamefilter") default: if isComment(c.state) { - return context{ - state: stateError, - err: errorf(ErrInsideComment, n.Line, "%s appears inside a comment", n), - } + s = append(s, "exp_template_html_commentescaper") + } else { + panic("unexpected state " + c.state.String()) } - panic("unexpected state " + c.state.String()) } switch c.delim { case delimNone: diff --git a/src/pkg/exp/template/html/escape_test.go b/src/pkg/exp/template/html/escape_test.go index 47927e753e..594a9606d7 100644 --- a/src/pkg/exp/template/html/escape_test.go +++ b/src/pkg/exp/template/html/escape_test.go @@ -361,11 +361,94 @@ func TestEscape(t *testing.T) { ``, }, { - "comment", + "HTML comment", "Hello, {{.C}}", // TODO: Elide comment. "Hello, <Cincinatti>", }, + { + "Split HTML comment", + "Hello, {{.C}}{{else}}world -->{{.W}}{{end}}", + "Hello, <Cincinatti>", + }, + { + "JS line comment", + "", + "", + }, + { + "JS multiline block comment", + "", + // Newline separates break from call. If newline + // removed, then break will consume label leaving + // code invalid. + "", + }, + { + "JS single-line block comment", + "", + // Newline separates break from call. If newline + // removed, then break will consume label leaving + // code invalid. + "", + }, + { + "JS block comment flush with mathematical division", + "", + "", + }, + { + "JS mixed comments", + "", + "", + }, + { + "CSS comments", + "`, + "", + }, + { + "JS attr block comment", + ``, + // Attribute comment tests should pass if the comments + // are successfully elided. + ``, + }, + { + "JS attr line comment", + ``, + ``, + }, + { + "CSS attr block comment", + ``, + ``, + }, + { + "CSS attr line comment", + ``, + ``, + }, + { + "HTML substitution commented out", + "

", + "

", + }, + { + "Comment ends flush with start", + "", + "", + }, { "typed HTML in text", `{{.W}}`, @@ -717,26 +800,6 @@ func TestErrors(t *testing.T) { ``, - `z:1: (action: [(command: [F=[X]])]) appears inside a comment`, - }, - { - ``, - `z:1: (action: [(command: [F=[X]])]) appears inside a comment`, - }, - { - ``, - `z:1: (action: [(command: [F=[X]])]) appears inside a comment`, - }, - { - ``, - `z:1: (action: [(command: [F=[X]])]) appears inside a comment`, - }, - { - "", - "z:1: (action: [(command: [F=[H]])]) appears inside a comment", - }, { // It is ambiguous whether 1.5 should be 1\.5 or 1.5. // Either `var x = 1/- 1.5 /i.test(x)` diff --git a/src/pkg/exp/template/html/html.go b/src/pkg/exp/template/html/html.go index 52472d193e..7b5fab0d93 100644 --- a/src/pkg/exp/template/html/html.go +++ b/src/pkg/exp/template/html/html.go @@ -224,3 +224,13 @@ func htmlNameFilter(args ...interface{}) string { } return s } + +// commentEscaper returns the empty string regardless of input. +// Comment content does not correspond to any parsed structure or +// human-readable content, so the simplest and most secure policy is to drop +// content interpolated into comments. +// This approach is equally valid whether or not static comment content is +// removed from the template. +func commentEscaper(args ...interface{}) string { + return "" +}