template

ErrAmbigContext const #

ErrAmbigContext: "... appears in an ambiguous context within a URL" Example: Discussion: {{.X}} is in an ambiguous URL context since, depending on {{.C}}, it may be either a URL suffix or a query parameter. Moving {{.X}} into the condition removes the ambiguity:

const ErrAmbigContext

ErrBadHTML const #

ErrBadHTML: "expected space, attr name, or end of tag, but got ...", "... in unquoted attr", "... in attribute name" Example:

ErrBranchEnd const #

ErrBranchEnd: "{{if}} branches end in different contexts" Example: {{if .C}}const ErrBranchEnd

ErrEndContext const #

ErrEndContext: "... ends in a non-text context: ..." Examples:

{{template "helper"}} {{end}} {{define "helper"}} document.write('

const ErrEndContext

ErrJSTemplate const #

ErrJSTemplate: "... appears in a JS template literal" Example: Discussion: Package html/template does not support actions inside of JS template literals. Deprecated: ErrJSTemplate is no longer returned when an action is present in a JS template literal. Actions inside of JS template literals are now escaped as expected.

const ErrJSTemplate

ErrNoSuchTemplate const #

ErrNoSuchTemplate: "no such template ..." Examples: {{define "main"}}

{{end}} {{define "attrs"}}href="{{.URL}}"{{end}} Discussion: Package html/template looks through template calls to compute the context. Here the {{.URL}} in "attrs" must be treated as a URL when called from "main", but you will get this error if "attrs" is not defined when "main" is parsed.

const ErrNoSuchTemplate

ErrOutputContext const #

ErrOutputContext: "cannot compute output context for template ..." Examples: {{define "t"}}{{if .T}}{{template "t" .T}}{{end}}{{.H}}",{{end}} Discussion: A recursive template does not end in the same context in which it starts, and a reliable output context cannot be computed. Look for typos in the named template. If the template should not be called in the named start context, look for calls to that template in unexpected contexts. Maybe refactor recursive templates to not be recursive.

const ErrOutputContext

ErrPartialCharset const #

ErrPartialCharset: "unfinished JS regexp charset in ..." Example: Discussion: Package html/template does not support interpolation into regular expression literal character sets.

const ErrPartialCharset

ErrPartialEscape const #

ErrPartialEscape: "unfinished escape sequence in ..." Example: Discussion: Package html/template does not support actions following a backslash. This is usually an error and there are better solutions; for example should work, and if {{.X}} is a partial escape sequence such as "xA0", mark the whole sequence as safe content: JSStr(`\xA0`)

const ErrPartialEscape

ErrPredefinedEscaper const #

ErrPredefinedEscaper: "predefined escaper ... disallowed in template" Example:

Hello

Discussion: Package html/template already contextually escapes all pipelines to produce HTML output safe against code injection. Manually escaping pipeline output using the predefined escapers "html" or "urlquery" is unnecessary, and may affect the correctness or safety of the escaped pipeline output in Go 1.8 and earlier. In most cases, such as the given example, this error can be resolved by simply removing the predefined escaper from the pipeline and letting the contextual autoescaper handle the escaping of the pipeline. In other instances, where the predefined escaper occurs in the middle of a pipeline where subsequent commands expect escaped input, e.g. {{.X | html | makeALink}} where makeALink does return `link` consider refactoring the surrounding template to make use of the contextual autoescaper, i.e. link To ease migration to Go 1.9 and beyond, "html" and "urlquery" will continue to be allowed as the last command in a pipeline. However, if the pipeline occurs in an unquoted attribute value context, "html" is disallowed. Avoid using "html" and "urlquery" entirely in new templates.

const ErrPredefinedEscaper

ErrRangeLoopReentry const #

ErrRangeLoopReentry: "on range loop re-entry: ..." Example: Discussion: If an iteration through a range would cause it to end in a different context than an earlier pass, there is no single context. In the example, there is missing a quote, so it is not clear whether {{.}} is meant to be inside a JS string or in a JS value context. The second iteration would produce something like

const ErrRangeLoopReentry

ErrSlashAmbig const #

ErrSlashAmbig: '/' could start a division or regexp. Example: Discussion: The example above could produce `var x = 1/-2/i.test(s)...` in which the first '/' is a mathematical division operator or it could produce `/-2/i.test(s)` in which the first '/' starts a regexp literal. Look for missing semicolons inside branches, and maybe add parentheses to make it clear which interpretation you intend.

const ErrSlashAmbig

OK const #

OK indicates the lack of an error.

const OK ErrorCode = iota

_attr_index var #

var _attr_index = [...]uint8{...}

_attr_name const #

const _attr_name = "attrNoneattrScriptattrScriptTypeattrStyleattrURLattrSrcset"

_delim_index var #

var _delim_index = [...]uint8{...}

_delim_name const #

const _delim_name = "delimNonedelimDoubleQuotedelimSingleQuotedelimSpaceOrTagEnd"

_element_index var #

var _element_index = [...]uint8{...}

_element_name const #

const _element_name = "elementNoneelementScriptelementStyleelementTextareaelementTitle"

_jsCtx_index var #

var _jsCtx_index = [...]uint8{...}

_jsCtx_name const #

const _jsCtx_name = "jsCtxRegexpjsCtxDivOpjsCtxUnknown"

_state_index var #

var _state_index = [...]uint16{...}

_state_name const #

const _state_name = "stateTextstateTagstateAttrNamestateAfterNamestateBeforeValuestateHTMLCmtstateRCDATAstateAttrstateURLstateSrcsetstateJSstateJSDqStrstateJSSqStrstateJSTmplLitstateJSRegexpstateJSBlockCmtstateJSLineCmtstateJSHTMLOpenCmtstateJSHTMLCloseCmtstateCSSstateCSSDqStrstateCSSSqStrstateCSSDqURLstateCSSSqURLstateCSSURLstateCSSBlockCmtstateCSSLineCmtstateErrorstateDead"

_urlPart_index var #

var _urlPart_index = [...]uint8{...}

_urlPart_name const #

const _urlPart_name = "urlPartNoneurlPartPreQueryurlPartQueryOrFragurlPartUnknown"

attrNone const #

attrNone corresponds to a normal attribute or no attribute.

const attrNone attr = iota

attrScript const #

attrScript corresponds to an event handler attribute.

const attrScript

attrScriptType const #

attrScriptType corresponds to the type attribute in script HTML element

const attrScriptType

attrSrcset const #

attrSrcset corresponds to a srcset attribute.

const attrSrcset

attrStartStates var #

var attrStartStates = [...]state{...}

attrStyle const #

attrStyle corresponds to the style attribute whose value is CSS.

const attrStyle

attrTypeMap var #

attrTypeMap[n] describes the value of the given attribute. If an attribute affects (or can mask) the encoding or interpretation of other content, or affects the contents, idempotency, or credentials of a network message, then the value in this map is contentTypeUnsafe. This map is derived from HTML5, specifically https://www.w3.org/TR/html5/Overview.html#attributes-1 as well as "%URI"-typed attributes from https://www.w3.org/TR/html4/index/attributes.html

var attrTypeMap = map[string]contentType{...}

attrURL const #

attrURL corresponds to an attribute whose value is a URL.

const attrURL

blockCommentEnd var #

var blockCommentEnd = *ast.CallExpr

commentEnd var #

var commentEnd = *ast.CallExpr

commentStart var #

var commentStart = *ast.CallExpr

contentTypeCSS const #

const contentTypeCSS

contentTypeHTML const #

const contentTypeHTML

contentTypeHTMLAttr const #

const contentTypeHTMLAttr

contentTypeJS const #

const contentTypeJS

contentTypeJSStr const #

const contentTypeJSStr

contentTypePlain const #

const contentTypePlain contentType = iota

contentTypeSrcset const #

const contentTypeSrcset

contentTypeURL const #

const contentTypeURL

contentTypeUnsafe const #

contentTypeUnsafe is used in attr.go for values that affect how embedded content and network messages are formed, vetted, or interpreted; or which credentials network messages carry.

const contentTypeUnsafe

cssReplacementTable var #

var cssReplacementTable = []string{...}

debugAllowActionJSTmpl var #

var debugAllowActionJSTmpl = *ast.CallExpr

delimDoubleQuote const #

delimDoubleQuote occurs when a double quote (") closes the attribute.

const delimDoubleQuote

delimEnds var #

delimEnds maps each delim to a string of characters that terminate it.

var delimEnds = [...]string{...}

delimNone const #

delimNone occurs outside any attribute.

const delimNone delim = iota

delimSingleQuote const #

delimSingleQuote occurs when a single quote (') closes the attribute.

const delimSingleQuote

delimSpaceOrTagEnd const #

delimSpaceOrTagEnd occurs when a space or right angle bracket (>) closes the attribute.

const delimSpaceOrTagEnd

doctypeBytes var #

var doctypeBytes = *ast.CallExpr

elementContentType var #

var elementContentType = [...]state{...}

elementNameMap var #

var elementNameMap = map[string]element{...}

elementNone const #

elementNone occurs outside a special tag or special element body.

const elementNone element = iota

elementScript const #

elementScript corresponds to the raw text

var htmlNospaceReplacementTable = []string{...}

htmlReplacementTable var #

htmlReplacementTable contains the runes that need to be escaped inside a quoted attribute value or in a text node.

var htmlReplacementTable = []string{...}

htmlSpaceAndASCIIAlnumBytes const #

Derived from https://play.golang.org/p/Dhmj7FORT5

const htmlSpaceAndASCIIAlnumBytes = "\x00\x36\x00\x00\x01\x00\xff\x03\xfe\xff\xff\x07\xfe\xff\xff\x07"

jsBqStrReplacementTable var #

jsBqStrReplacementTable is like jsStrReplacementTable except it also contains the special characters for JS template literals: $, {, and }.

var jsBqStrReplacementTable = []string{...}

jsCtxDivOp const #

jsCtxDivOp occurs where a '/' would start a division operator.

const jsCtxDivOp

jsCtxRegexp const #

jsCtxRegexp occurs where a '/' would start a regexp literal.

const jsCtxRegexp jsCtx = iota

jsCtxUnknown const #

jsCtxUnknown occurs where a '/' is ambiguous due to context joining.

const jsCtxUnknown

jsRegexpReplacementTable var #

var jsRegexpReplacementTable = []string{...}

jsStrNormReplacementTable var #

jsStrNormReplacementTable is like jsStrReplacementTable but does not overencode existing escapes since this table has no entry for `\`.

var jsStrNormReplacementTable = []string{...}

jsStrReplacementTable var #

var jsStrReplacementTable = []string{...}

jsWhitespace const #

jsWhitespace contains all of the JS whitespace characters, as defined by the \s character class. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions/Character_classes.

const jsWhitespace = "\f\n\r\t\v\u0020\u00a0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u2028\u2029\u202f\u205f\u3000\ufeff"

jsonMarshalType var #

var jsonMarshalType = *ast.CallExpr

lowUnicodeReplacementTable var #

var lowUnicodeReplacementTable = []string{...}

mozBindingBytes var #

var mozBindingBytes = *ast.CallExpr

predefinedEscapers var #

predefinedEscapers contains template predefined escapers that are equivalent to some contextual escapers. Keep in sync with equivEscapers.

var predefinedEscapers = map[string]bool{...}

redundantFuncs var #

redundantFuncs[a][b] implies that funcMap[b](funcMap[a](x)) == funcMap[a](x) for all x.

var redundantFuncs = map[string]map[string]bool{...}

regexpPrecederKeywords var #

regexpPrecederKeywords is a set of reserved JS keywords that can precede a regular expression in JS source.

var regexpPrecederKeywords = map[string]bool{...}

scriptTagRe var #

var scriptTagRe = *ast.CallExpr

specialScriptTagRE var #

Per WHATWG HTML specification, section 4.12.1.3, there are extremely complicated rules for how to handle the set of opening tags .

const stateHTMLCmt

stateJS const #

stateJS occurs inside an event handler or script element.

const stateJS

stateJSBlockCmt const #

stateJSBlockCmt occurs inside a JavaScript /* block comment */.

const stateJSBlockCmt

stateJSDqStr const #

stateJSDqStr occurs inside a JavaScript double quoted string.

const stateJSDqStr

stateJSHTMLCloseCmt const #

stateJSHTMLCloseCmt occurs inside a JavaScript --> HTML-like comment.

const stateJSHTMLCloseCmt

stateJSHTMLOpenCmt const #

stateJSHTMLOpenCmt occurs inside a JavaScript

Imports

Imports #

Constants & Variables