diff --git a/src/pkg/exp/template/html/error.go b/src/pkg/exp/template/html/error.go
index 5fa2357433..f06251d604 100644
--- a/src/pkg/exp/template/html/error.go
+++ b/src/pkg/exp/template/html/error.go
@@ -100,19 +100,6 @@ const (
// produce a valid JavaScript Program.
ErrEndContext
- // ErrInsideComment: "... appears inside a comment"
- // Example:
- //
- //
- //
- //
- // Discussion:
- // {{.X}} appears inside a comment. There is no escaping convention for
- // comments. To use IE conditional comments, inject the whole comment
- // as an HTML, JS, or CSS value (see content.go).
- // To comment out code, break the {{...}}.
- ErrInsideComment
-
// ErrNoNames: "must specify names of top level templates"
//
// EscapeSet does not assume that all templates in a set produce HTML.
diff --git a/src/pkg/exp/template/html/escape.go b/src/pkg/exp/template/html/escape.go
index e307fc9ae4..b859751140 100644
--- a/src/pkg/exp/template/html/escape.go
+++ b/src/pkg/exp/template/html/escape.go
@@ -64,6 +64,7 @@ func EscapeSet(s *template.Set, names ...string) (*template.Set, os.Error) {
// funcMap maps command names to functions that render their inputs safe.
var funcMap = template.FuncMap{
"exp_template_html_attrescaper": attrEscaper,
+ "exp_template_html_commentescaper": commentEscaper,
"exp_template_html_cssescaper": cssEscaper,
"exp_template_html_cssvaluefilter": cssValueFilter,
"exp_template_html_htmlnamefilter": htmlNameFilter,
@@ -200,12 +201,10 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context {
s = append(s, "exp_template_html_htmlnamefilter")
default:
if isComment(c.state) {
- return context{
- state: stateError,
- err: errorf(ErrInsideComment, n.Line, "%s appears inside a comment", n),
- }
+ s = append(s, "exp_template_html_commentescaper")
+ } else {
+ panic("unexpected state " + c.state.String())
}
- panic("unexpected state " + c.state.String())
}
switch c.delim {
case delimNone:
diff --git a/src/pkg/exp/template/html/escape_test.go b/src/pkg/exp/template/html/escape_test.go
index 47927e753e..594a9606d7 100644
--- a/src/pkg/exp/template/html/escape_test.go
+++ b/src/pkg/exp/template/html/escape_test.go
@@ -361,11 +361,94 @@ func TestEscape(t *testing.T) {
``,
},
{
- "comment",
+ "HTML comment",
"Hello, {{.C}}",
// TODO: Elide comment.
"Hello, <Cincinatti>",
},
+ {
+ "Split HTML comment",
+ "Hello, {{.C}}{{else}}world -->{{.W}}{{end}}",
+ "Hello, <Cincinatti>",
+ },
+ {
+ "JS line comment",
+ "",
+ "",
+ },
+ {
+ "JS multiline block comment",
+ "",
+ // Newline separates break from call. If newline
+ // removed, then break will consume label leaving
+ // code invalid.
+ "",
+ },
+ {
+ "JS single-line block comment",
+ "",
+ // Newline separates break from call. If newline
+ // removed, then break will consume label leaving
+ // code invalid.
+ "",
+ },
+ {
+ "JS block comment flush with mathematical division",
+ "",
+ "",
+ },
+ {
+ "JS mixed comments",
+ "",
+ "",
+ },
+ {
+ "CSS comments",
+ "`,
+ "",
+ },
+ {
+ "JS attr block comment",
+ ``,
+ // Attribute comment tests should pass if the comments
+ // are successfully elided.
+ ``,
+ },
+ {
+ "JS attr line comment",
+ ``,
+ ``,
+ },
+ {
+ "CSS attr block comment",
+ ``,
+ ``,
+ },
+ {
+ "CSS attr line comment",
+ ``,
+ ``,
+ },
+ {
+ "HTML substitution commented out",
+ "",
+ "",
+ },
+ {
+ "Comment ends flush with start",
+ "",
+ "",
+ },
{
"typed HTML in text",
`{{.W}}`,
@@ -717,26 +800,6 @@ func TestErrors(t *testing.T) {
``,
- `z:1: (action: [(command: [F=[X]])]) appears inside a comment`,
- },
- {
- ``,
- `z:1: (action: [(command: [F=[X]])]) appears inside a comment`,
- },
- {
- ``,
- `z:1: (action: [(command: [F=[X]])]) appears inside a comment`,
- },
- {
- ``,
- `z:1: (action: [(command: [F=[X]])]) appears inside a comment`,
- },
- {
- "",
- "z:1: (action: [(command: [F=[H]])]) appears inside a comment",
- },
{
// It is ambiguous whether 1.5 should be 1\.5 or 1.5.
// Either `var x = 1/- 1.5 /i.test(x)`
diff --git a/src/pkg/exp/template/html/html.go b/src/pkg/exp/template/html/html.go
index 52472d193e..7b5fab0d93 100644
--- a/src/pkg/exp/template/html/html.go
+++ b/src/pkg/exp/template/html/html.go
@@ -224,3 +224,13 @@ func htmlNameFilter(args ...interface{}) string {
}
return s
}
+
+// commentEscaper returns the empty string regardless of input.
+// Comment content does not correspond to any parsed structure or
+// human-readable content, so the simplest and most secure policy is to drop
+// content interpolated into comments.
+// This approach is equally valid whether or not static comment content is
+// removed from the template.
+func commentEscaper(args ...interface{}) string {
+ return ""
+}