Add basic autoescape="strict" support

ast/node.go

@@ -102,6 +102,7 @@ const (
 	AutoescapeOn
 	AutoescapeOff
 	AutoescapeContextual
+	AutoescapeStrict
 )
 
 // TemplateNode holds a template body.

doc.go

@@ -142,8 +142,14 @@ The goal is full compatibility and feature parity with the official Closure
 Templates project.
 
 The server-side templating functionality is well tested and nearly complete,
-except for two notable areas: contextual autoescaping and
-internationalization/bidi support.  Contributions welcome.
+except for a few notable areas:
+
+ * contextual autoescaping
+ * strict autoescaping enforcement
+ * internationalization/bidi support
+ * strongly-typed parameter declarations (via the `{@param}` command)
+
+Contributions to address these shortcomings are welcome.
 
 The Javascript generation is early and lacks many generation options, but
 it successfully passes the server-side template test suite. Note that it is

parse/parse.go

@@ -612,6 +612,8 @@ func (t *tree) parseAutoescape(attrs map[string]string) ast.AutoescapeType {
 		return ast.AutoescapeOn
 	case "false":
 		return ast.AutoescapeOff
+	case "strict":
+		return ast.AutoescapeStrict
 	default:
 		t.errorf(`expected "true", "false", or "contextual" for autoescape, got %q`, val)
 	}

soyhtml/renderer.go

@@ -42,7 +42,7 @@ func (t Renderer) Execute(wr io.Writer, obj data.Map) (err error) {
 
 	var autoescapeMode = tmpl.Namespace.Autoescape
 	if autoescapeMode == ast.AutoescapeUnspecified {
-		autoescapeMode = ast.AutoescapeOn
+		autoescapeMode = ast.AutoescapeStrict
 	}
 
 	var initialScope = newScope(obj)