From 4339497c7536f490cb92d83009f5deeacd32be2c Mon Sep 17 00:00:00 2001
From: Andy Hochhaus
Date: Mon, 18 Jul 2016 14:10:38 -0700
Subject: [PATCH] Add basic autoescape="strict" support Fixed #44
---
 ast/node.go | 1 +
 doc.go | 10 ++++++++--
 parse/parse.go | 2 ++
 soyhtml/renderer.go | 2 +-
 4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/ast/node.go b/ast/node.go
index d129098..a389b98 100644
--- a/ast/node.go
+++ b/ast/node.go
@@ -102,6 +102,7 @@ const (
 AutoescapeOn
 AutoescapeOff
 AutoescapeContextual
+ AutoescapeStrict
 )
 // TemplateNode holds a template body.
diff --git a/doc.go b/doc.go
index 6ebd9e5..d8555d3 100644
--- a/doc.go
+++ b/doc.go
@@ -142,8 +142,14 @@ The goal is full compatibility and feature parity with the official Closure Templates project. The server-side templating functionality is well tested and nearly complete,
-except for two notable areas: contextual autoescaping and
-internationalization/bidi support. Contributions welcome.
+except for a few notable areas:
+
+ * contextual autoescaping
+ * strict autoescaping enforcement
+ * internationalization/bidi support
+ * strongly-typed parameter declarations (via the `{@param}` command)
+
+Contributions to address these shortcomings are welcome.
 The Javascript generation is early and lacks many generation options, but it successfully passes the server-side template test suite. Note that it is
diff --git a/parse/parse.go b/parse/parse.go
index e9db6a0..9b1df44 100644
--- a/parse/parse.go
+++ b/parse/parse.go
@@ -612,6 +612,8 @@ func (t *tree) parseAutoescape(attrs map[string]string) ast.AutoescapeType {
 return ast.AutoescapeOn
 case "false":
 return ast.AutoescapeOff
+ case "strict":
+ return ast.AutoescapeStrict
 default:
 t.errorf(`expected "true", "false", or "contextual" for autoescape, got %q`, val)
 }
diff --git a/soyhtml/renderer.go b/soyhtml/renderer.go
index b2a28eb..7739d2a 100644
--- a/soyhtml/renderer.go
+++ b/soyhtml/renderer.go
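Review bot: In the parse/parse.go hunk, the `default` branch of parseAutoescape still reports only the old set of values, so an author who mistypes the attribute is never told that "strict" is accepted; the message text should become `expected "true", "false", "contextual", or "strict" for autoescape, got %q`. The doc.go change in this same commit lists "strict autoescaping enforcement" as not yet implemented, so a template that declares autoescape="strict" now parses cleanly without getting the guarantees that name implies. A comment on the new case such as `// "strict" is accepted for compatibility; kind enforcement is not implemented yet` would keep readers from treating it as a security boundary. parseAutoescape starts before and continues after this hunk, so the other cases were not reviewed.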
@@ -42,7 +42,7 @@ func (t Renderer) Execute(wr io.Writer, obj data.Map) (err error) {
 var autoescapeMode = tmpl.Namespace.Autoescape
 if autoescapeMode == ast.AutoescapeUnspecified {
- autoescapeMode = ast.AutoescapeOn
+ autoescapeMode = ast.AutoescapeStrict
 }
 var initialScope = newScope(obj)
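Review bot: Switching the fallback in Execute to `ast.AutoescapeStrict` is only safe if every escaping decision downstream treats Strict at least as strictly as On, and nothing in this commit shows that. The diffstat lists this as the only line changed under soyhtml/, so any comparison elsewhere of the form `== ast.AutoescapeOn` (not visible here) would now be false for templates that omit the attribute, and their print output could be written unescaped. Please confirm the print path checks `!= ast.AutoescapeOff` or handles Strict explicitly, and add a test that renders a template with no autoescape attribute and asserts that `<` in a printed value comes out escaped. A comment on the assignment, for example `// Unspecified defaults to strict; strict must escape at least as much as "on"`, would record the invariant. Execute's body starts and ends outside this hunk.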