
html/template: add support for template strings (backticks)

by opennota:

<pre>ES6 specifies a new language feature called "Template Strings" (often also referred to as "Quasi Literals" alongside multi-line strings and others). This allows executing arbitrary JavaScript code without using parentheses but back-ticks instead. Inside back-tick delimited strings, placeholders such as ${} can wrap executable code.

<a href="http://play.golang.org/p/nBEneuxHNj">http://play.golang.org/p/nBEneuxHNj</a>

If you open the output of the above program in a modern browser (e.g., recently released Mozilla Firefox 34 supports template strings), it will happily execute alert(1).

References:

<a href="https://people.mozilla.org/~jorendorff/es6-draft.html">https://people.mozilla.org/~jorendorff/es6-draft.html</a>
<a href="https://html5sec.org/#140">https://html5sec.org/#140</a>
<a href="https://html5sec.org/#141">https://html5sec.org/#141</a></pre>

golang/go

by ijt:

Hi all, I found that Go's template package seems to be treating // within JavaScript template strings as comments, so for example it turns

<script>let u = `https://foo.com`;</script>

into

<script>let u = `https:</script>

Here's a playground link for this: https://play.golang.org/p/dvW0mCby1ED. Is it intentional?
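
A pre-render check for the two problems described in this thread, as an added example that is not code from the issue or from the Go project: it flags `{{` actions and `//` sequences that sit inside backtick literals within `<script>` blocks of a template source. `Finding`, `hasFold` and `ScanTemplate` are hypothetical names, and the scanner is deliberately simple: it does not track quoted strings, backslash escapes, JS comments or `${}` nesting.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one risky construct found inside a JS template literal.
type Finding struct {
	Line int    // 1-based line in the template source
	Kind string // "action" for {{, "slashes" for //
}

// hasFold reports whether s has prefix p at offset i, ignoring case.
func hasFold(s string, i int, p string) bool {
	return len(s)-i >= len(p) && strings.EqualFold(s[i:i+len(p)], p)
}

// ScanTemplate walks the <script> bodies of a template source and reports
// {{ actions and // sequences between backticks (hypothetical linter).
func ScanTemplate(src string) []Finding {
	var out []Finding
	inScript, inTick, line := false, false, 1
	for i := 0; i < len(src); i++ {
		switch {
		case src[i] == '\n':
			line++
		case !inScript && hasFold(src, i, "<script"):
			inScript = true
		case inScript && hasFold(src, i, "</script"):
			inScript, inTick = false, false
		case inScript && src[i] == '`':
			inTick = !inTick // entering or leaving a template literal
		case inTick && strings.HasPrefix(src[i:], "{{"):
			out = append(out, Finding{line, "action"})
			i++ // skip the second brace
		case inTick && strings.HasPrefix(src[i:], "//"):
			out = append(out, Finding{line, "slashes"})
			i++ // skip the second slash
		}
	}
	return out
}

func main() {
	// Constructed sample, not the template from the playground links.
	const sample = "<script>\nlet u = `https://foo.com`;\nlet g = `hi {{.Name}}`;\n</script>"
	fmt.Println(ScanTemplate(sample))
}
```

Run it over template files before parsing them; any finding means the value should be moved out of the backtick literal, for example into an ordinary `let x = {{.X}};` assignment.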
