• Mike Samuel's avatar
    exp/template/html: autoescape actions in HTML style attributes. · 4670d9e6
    Mike Samuel authored
    This does not wire up <style> elements as that is pending support
    for raw text content in CL https://golang.org/cl/4964045/
    
    This CL allows actions to appear in contexts like
    
    selectors:        {{.Tag}}{{.Class}}{{.Id}}
    property names:   border-{{.BidiLeadingEdge}}
    property values:  color: {{.Color}}
    strings:          font-family: "{{font-name}}"
    URL strings:      background: "/foo?image={{.ImgQuery}}"
    URL literals:     background: url("{{.Image}}")
    
    but disallows actions inside CSS comments and disallows
    embedding of JS in CSS entirely.
    
    It is based on the CSS3 lexical grammar with affordances for
    common browser extensions including line comments.
    
    R=nigeltao
    CC=golang-dev
    https://golang.org/cl/4968058
    4670d9e6
escape.go 20.8 KB