Cypherpunks.ru repositories - gostls13.git/commit

author	Roland Shoemaker <roland@golang.org>
	Wed, 5 Jul 2023 18:56:03 +0000 (11:56 -0700)
committer	Gopher Robot <gobot@golang.org>
	Mon, 2 Oct 2023 15:18:39 +0000 (15:18 +0000)
commit	c9c885f92f540878d85c02b510c62a3ebf87baf6
tree	f0988905deb70eb0c04784ce8b4e8d31f95ca1b4	tree
parent	deb8e29000ebecbd788e0e86e239d52c26707457	commit \| diff

html/template: support parsing complex JS template literals

This change undoes the restrictions added in CL 482079, which added a
blanket ban on using actions within JS template literal strings, and
adds logic to support actions while properly applies contextual escaping
based on the correct context within the literal.

Since template literals can contain both normal strings, and nested JS
contexts, logic is required to properly track those context switches
during parsing.

ErrJsTmplLit is deprecated, and the GODEBUG flag jstmpllitinterp no
longer does anything.

Fixes #61619

Change-Id: I0338cc6f663723267b8f7aaacc55aa28f60906f2
Reviewed-on: https://go-review.googlesource.com/c/go/+/507995
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>

api/next/61619.txt	[new file with mode: 0644]	blob
src/html/template/context.go		diff \| blob \| history
src/html/template/error.go		diff \| blob \| history
src/html/template/escape.go		diff \| blob \| history
src/html/template/escape_test.go		diff \| blob \| history
src/html/template/js.go		diff \| blob \| history
src/html/template/state_string.go		diff \| blob \| history
src/html/template/transition.go		diff \| blob \| history