-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support template validation #892
Comments
Interesting. How will we prevent layout reflows with templates? Even simple text replacements will have their width determined by the actual text string. Will the rendering engine block on the loading of the json blob? |
Templates do not render themselves. The target AMP elements call templates to render some part of their content, so it depends on each element. For instance, a carousel can call JSON service and template to render slides. But no relayout is needed there since all the slides a positioned behind each other in the fixed space. Some other elements might need to be more creative with space. We also have "requestHeight" system that should help. |
Looking at this in more detail now... For the "type", is "amp-mustache" the only currently allowed value? Will make it quick to add new ones, I just want to be sure that this is the only one for now. For amp-mustache, what is the src= value that we are looking for in the script tag? Clearly we can't allow any value there as it'll be executed as j/s, but it's not provided in the issue anywhere that I can see. Are there any attribute values that we don't want to allow as mustache variable? The only things I can thing of would be maybe the Are Mozilla doc specifies that the Mustache doc has two types of variables, Mustache has this set delimiter syntax that allows the parsing to switch to a different delimeter from {{ and }}. That would be a beast to implement validator for. OK to disallow for now? Note that without it, no templates can actually have "{{" or "}}" as a literal string inside them. Mustache supports partials which in turn seem to import a template from somewhere else. I don't see how this would be used with your implementation. Is it something we want to disallow for now? FYI: Mustache supports function calls in the template. It's impossible for the validator to know that To your question 8, I'm not sure how difficult this would be. It's not trivial, but it seems possible. The part that would get very tricky is if this interacts with the attributes in the layout rules which have more complex interactions than elsewhere. |
Yes. Special-case all the way.
This is the same spec as for elements - so whatever we do, e.g. for
By default any value.
See examples here: https://github.com/ampproject/amphtml/blob/master/extensions/amp-list/amp-list.md
I think this is wrong. According to https://html.spec.whatwg.org/multipage/scripting.html#the-template-element it's allowed anywhere where a phrasing or script content is allowed. For us this basically means that it's allowed anywhere, except inside
Yes, allow unescaped values. We sanitize it. The sanitizer is currently in the security review.
Fine to disallow.
No need to disallow. If we decide to implement them - they should just work.
We will keep it possible as well. Currently we do not allow functions in the payload, so it's impossible to make any calls. But we may allow them in the future.
Let's ignore this for now. |
Tested on all browsers, we can skip But we have two new rules:
|
The validation changes in the CL above are now live everywhere. |
As part of supporting dynamic content we will be rolling out
<template>
support and we need it to validate.The
template
element is described in some detail here: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/templateOur first target is Mustache.js: https://github.com/janl/mustache.js/, but there could be any number of template languages. They are all fairly similar. One critical aspect of use of template languages in AMP, however, is that we require a valid DOM.
template
element gives us this assurance, but validator has to confirm.Here's the nuances of supporting templates:
template
element must have atype
attribute prefixed with "amp-". This type should be declared by an async script withcustom-template
attribute. For instance:template
element is a well-formed HTML. This, more or less, follows from usingtemplate
element, but the validator needs to make it doubly sure that, although valid in Mustache, we will not allow:2.1. Expressions on element names are not allowed, e.g.
<{{tagName}}></{{tagName}}>
is invalid.2.2. Expressions on element attribute names are not allowed, e.g.
<div {{#noborder}}noborder{{/noborder}}>
is invalid. Notice that attribute value expressions are perfectly valid.<script>
,<style>
tags not allowedstyle
attribute is not allowedon*
attributes are not allowed with a sole exception ofon
attributetemplate
tag will have to relaxed. E.g. it's possible to specify<a href="{{href}}">
. So, as a general rule we will allow{{}}
values withtemplate
in place of fixed values or other controlled values in AMP elsewhere. Where security is concerned, the final validation will be performed by the client-side sanitizer (not part of this task). E.g. client-side sanitizer will ensure thata
tag created by a template will not have "javascript:" inhref
and so on. See Caja-based sanitizer for AMP templates #890 for more info.{{#noborder}} noborder {{/#noborder}}
, we may have to support an alternative. I'm exploring an option with?
, e.g.noborder?={{noborder}}
. I'd like feedback if this is easy to enable in the validator.For more on the choice of
template
element, see: https://docs.google.com/document/d/1q-5MPQHnOHLF_uL7lQsGZdzuBgrPTkCy2PdRP-YCbOw/edit/cc @cramforce
/cc @NataliaLKB
Related to #657.
The text was updated successfully, but these errors were encountered: