-
Mike Samuel authored
When templates are stored in external files, developers often embed comments to explain&|disable code. <!-- Oblique reference to project code name here --> {{if .C}}...{{else}}<!-- commented out default -->{{end}} This unnecessarily increases the size of shipped HTML and can leak information. This change elides all comments of the following types: 1. <!-- ... --> comments found in source. 2. /*...*/ and // comments found in <script> elements. 3. /*...*/ and // comments found in <style> elements. It does not elide /*...*/ or // comments found in HTML attributes: 4. <button onclick="/*...*/"> 5. <div style="/*...*/"> I can find no examples of comments in attributes in Closure Templates code and doing so would require keeping track of character positions post decode in <button onclick="/*...*/"> To prevent token joining, /*comments*/ are JS and CSS comments are replaced with a whitespace char. HTML comments are not, but to prevent token joining we could try to detect cases like <<!---->b> </<!---->b> which has a well defined meaning in HTML but will cause a validator to barf. This is difficult, and this is a very minor case. I have punted for now, but if we need to address this case, the best way would be to normalize '<' in stateText to '<' consistently. The whitespace to replace a JS /*comment*/ with depends on whether there is an embedded line terminator since break/* */foo ... is equivalent to break; foo ... while break/**/foo ... is equivalent to break foo; ... Comment eliding can interfere with IE conditional comments. http://en.wikipedia.org/wiki/Conditional_comment <!--[if IE 6]> <p>You are using Internet Explorer 6.</p> <![endif]--> /*@cc_on document.write("You are using IE4 or higher"); @*/ I have not encountered these in production template code, and the typed content change in CL 4962067 provides an escape-hatch if conditional comments are needed. R=nigeltao CC=golang-dev https://golang.org/cl/499904235819729
