diff options
| -rw-r--r-- | src/html/template/context.go | 14 | ||||
| -rw-r--r-- | src/html/template/escape.go | 4 | ||||
| -rw-r--r-- | src/html/template/escape_test.go | 38 |
3 files changed, 40 insertions, 16 deletions
diff --git a/src/html/template/context.go b/src/html/template/context.go index 8b3af2feab..132ae2d28d 100644 --- a/src/html/template/context.go +++ b/src/html/template/context.go @@ -6,6 +6,7 @@ package template import ( "fmt" + "slices" "text/template/parse" ) @@ -37,7 +38,7 @@ func (c context) String() string { if c.err != nil { err = c.err } - return fmt.Sprintf("{%v %v %v %v %v %v %v}", c.state, c.delim, c.urlPart, c.jsCtx, c.attr, c.element, err) + return fmt.Sprintf("{%v %v %v %v %v %v %v %v}", c.state, c.delim, c.urlPart, c.jsCtx, c.jsBraceDepth, c.attr, c.element, err) } // eq reports whether two contexts are equal. @@ -46,6 +47,7 @@ func (c context) eq(d context) bool { c.delim == d.delim && c.urlPart == d.urlPart && c.jsCtx == d.jsCtx && + slices.Equal(c.jsBraceDepth, d.jsBraceDepth) && c.attr == d.attr && c.element == d.element && c.err == d.err @@ -68,6 +70,9 @@ func (c context) mangle(templateName string) string { if c.jsCtx != jsCtxRegexp { s += "_" + c.jsCtx.String() } + if c.jsBraceDepth != nil { + s += fmt.Sprintf("_jsBraceDepth(%v)", c.jsBraceDepth) + } if c.attr != attrNone { s += "_" + c.attr.String() } @@ -77,6 +82,13 @@ func (c context) mangle(templateName string) string { return s } +// clone returns a copy of c with the same field values. +func (c context) clone() context { + clone := c + clone.jsBraceDepth = slices.Clone(c.jsBraceDepth) + return clone +} + // state describes a high-level HTML parser state. // // It bounds the top of the element stack, and by extension the HTML insertion diff --git a/src/html/template/escape.go b/src/html/template/escape.go index d8e1b8cb54..e18fa3aa73 100644 --- a/src/html/template/escape.go +++ b/src/html/template/escape.go @@ -523,7 +523,7 @@ func (e *escaper) escapeBranch(c context, n *parse.BranchNode, nodeName string) if nodeName == "range" { e.rangeContext = &rangeContext{outer: e.rangeContext} } - c0 := e.escapeList(c, n.List) + c0 := e.escapeList(c.clone(), n.List) if nodeName == "range" { if c0.state != stateError { c0 = joinRange(c0, e.rangeContext) @@ -554,7 +554,7 @@ func (e *escaper) escapeBranch(c context, n *parse.BranchNode, nodeName string) return c0 } } - c1 := e.escapeList(c, n.ElseList) + c1 := e.escapeList(c.clone(), n.ElseList) return join(c0, c1, n, nodeName) } diff --git a/src/html/template/escape_test.go b/src/html/template/escape_test.go index 49710c38b7..126dc22f33 100644 --- a/src/html/template/escape_test.go +++ b/src/html/template/escape_test.go @@ -1185,6 +1185,18 @@ func TestErrors(t *testing.T) { // html is allowed since it is the last command in the pipeline, but urlquery is not. `predefined escaper "urlquery" disallowed in template`, }, + { + "<script>var a = `{{if .X}}`{{end}}", + `{{if}} branches end in different contexts`, + }, + { + "<script>var a = `{{if .X}}a{{else}}`{{end}}", + `{{if}} branches end in different contexts`, + }, + { + "<script>var a = `{{if .X}}a{{else}}b{{end}}`</script>", + ``, + }, } for _, test := range tests { buf := new(bytes.Buffer) @@ -1756,7 +1768,7 @@ func TestEscapeText(t *testing.T) { }, { "<script>var a = `${", - context{state: stateJS, element: elementScript}, + context{state: stateJS, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var a = `${}", @@ -1764,27 +1776,27 @@ func TestEscapeText(t *testing.T) { }, { "<script>var a = `${`", - context{state: stateJSTmplLit, element: elementScript}, + context{state: stateJSTmplLit, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var a = `${var a = \"", - context{state: stateJSDqStr, element: elementScript}, + context{state: stateJSDqStr, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var a = `${var a = \"`", - context{state: stateJSDqStr, element: elementScript}, + context{state: stateJSDqStr, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var a = `${var a = \"}", - context{state: stateJSDqStr, element: elementScript}, + context{state: stateJSDqStr, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var a = `${``", - context{state: stateJS, element: elementScript}, + context{state: stateJS, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var a = `${`}", - context{state: stateJSTmplLit, element: elementScript}, + context{state: stateJSTmplLit, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>`${ {} } asd`</script><script>`${ {} }", @@ -1792,7 +1804,7 @@ func TestEscapeText(t *testing.T) { }, { "<script>var foo = `${ (_ => { return \"x\" })() + \"${", - context{state: stateJSDqStr, element: elementScript}, + context{state: stateJSDqStr, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var a = `${ {</script><script>var b = `${ x }", @@ -1820,23 +1832,23 @@ func TestEscapeText(t *testing.T) { }, { "<script>`${ { `` }", - context{state: stateJS, element: elementScript}, + context{state: stateJS, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>`${ { }`", - context{state: stateJSTmplLit, element: elementScript}, + context{state: stateJSTmplLit, element: elementScript, jsBraceDepth: []int{0}}, }, { "<script>var foo = `${ foo({ a: { c: `${", - context{state: stateJS, element: elementScript}, + context{state: stateJS, element: elementScript, jsBraceDepth: []int{2, 0}}, }, { "<script>var foo = `${ foo({ a: { c: `${ {{.}} }` }, b: ", - context{state: stateJS, element: elementScript}, + context{state: stateJS, element: elementScript, jsBraceDepth: []int{1}}, }, { "<script>`${ `}", - context{state: stateJSTmplLit, element: elementScript}, + context{state: stateJSTmplLit, element: elementScript, jsBraceDepth: []int{0}}, }, } |