html/template: add support for template strings (backticks)

by opennota:

<pre>ES6 specifies a new language feature called "Template Strings" (often also referred to as "Quasi Literals" alongside multi-line strings and others). This allows executing arbitrary JavaScript code without using parentheses but back-ticks instead. Inside back-tick delimited strings, placeholders such as ${} can wrap executable code.

If you open the output of the above program in a modern browser (e.g., recently released Mozilla Firefox 34 supports template strings), it will happily execute alert(1).


</pre>


Answer by ijt:

Hi all, I found that Go's template package seems to be treating // within JavaScript template strings as comments, so for example it turns

<script>let u = ``;</script>


<script>let u = `https:</script>

Here's a playground link for this: Is it intentional?
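
The truncation described in the comment above is what a JavaScript comment stripper produces when it does not treat backticks as string delimiters. The Go sketch below is an added example, not code from html/template or from this thread; `stripLineComments`, its `backtickAware` flag and the sample URL are constructed for illustration, and `${}` nesting, block comments and regex literals are deliberately left out.

```go
package main

import (
	"fmt"
	"strings"
)

// stripLineComments removes JavaScript "//" line comments from src.
// Single- and double-quoted strings are always tracked; backtick template
// literals are tracked only when backtickAware is true (hypothetical flag).
func stripLineComments(src string, backtickAware bool) string {
	var out strings.Builder
	var quote byte // 0 outside a string, otherwise the opening delimiter
	for i := 0; i < len(src); i++ {
		c := src[i]
		switch {
		case quote != 0:
			// Inside a string: copy verbatim, honour backslash escapes.
			out.WriteByte(c)
			if c == '\\' && i+1 < len(src) {
				i++
				out.WriteByte(src[i])
			} else if c == quote {
				quote = 0
			}
		case c == '\'' || c == '"' || (c == '`' && backtickAware):
			quote = c
			out.WriteByte(c)
		case c == '/' && i+1 < len(src) && src[i+1] == '/':
			// Line comment: skip to end of line, keep the newline itself.
			for i < len(src) && src[i] != '\n' {
				i++
			}
			i--
		default:
			out.WriteByte(c)
		}
	}
	return out.String()
}

func main() {
	// Constructed sample input: a URL inside a template literal.
	src := "let u = `https://example.test/a`; // note"
	fmt.Printf("naive: %q\n", stripLineComments(src, false))
	fmt.Printf("aware: %q\n", stripLineComments(src, true))
}
```

With backtick tracking off, everything after `https:` is dropped, including the closing backtick, so the rest of the script is parsed inside an unterminated template literal.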

