cybercyst/go
1
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-05-05 23:53:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

html/template: document comment stripping

Browse Source 
Fixes #28628

Change-Id: I8b68f55f25e62f747d7cc48a490fec7f426f53d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/658115
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This commit is contained in:
Sean Liao 2025-03-15 00:14:14 +00:00
parent 7dd7d70c03
commit 57c44fdefc
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/html/template/doc.go
View File

@ -28,6 +28,9 @@ HTML templates treat data values as plain text which should be encoded so they
can be safely embedded in an HTML document. The escaping is contextual, so
actions can appear within JavaScript, CSS, and URI contexts.
Comments are stripped from output, except for those passed in via the
[HTML], [CSS], and [JS] types for their respective contexts.
The security model used by this package assumes that template authors are
trusted, while Execute's data parameter is not. More details are
provided below.