escaping is mandatory in HtmlComment

src/Latte/Compiler/Escaper.php

@@ -222,7 +222,7 @@ public function escape(string $str): string
 	}
 
 
-	public function escapeMandatory(string $str): string
+	public function escapeMandatory(string $str, ?Position $position = null): string
 	{
 		$quote = var_export($this->quote, true); // TODO
 		return match ($this->contentType) {
@@ -232,10 +232,12 @@ public function escapeMandatory(string $str): string
 					self::HtmlText => 'LR\Filters::convertHtmlToHtmlRawText(' . $str . ')',
 					default => "LR\\Filters::convertJSToHtmlRawText($str)",
 				},
+				self::HtmlComment => throw new Latte\CompileException('Using |noescape is not allowed in this context.', $position),
 				default => $str,
 			},
 			ContentType::Xml => match ($this->state) {
 				self::HtmlAttribute => "LR\\Filters::escapeHtmlChar($str, $quote)",
+				self::HtmlComment => throw new Latte\CompileException('Using |noescape is not allowed in this context.', $position),
 				default => $str,
 			},
 			default => $str,

src/Latte/Compiler/Nodes/Php/ModifierNode.php

@@ -70,7 +70,7 @@ public function printSimple(PrintContext $context, string $expr): string
 
 		$expr = $escape
 			? $escaper->escape($expr)
-			: $escaper->escapeMandatory($expr);
+			: $escaper->escapeMandatory($expr, $this->position);
 
 		return $expr;
 	}

tests/common/Compiler.noescape.phpt

@@ -58,3 +58,10 @@ Assert::match(
 	'<p onclick="foo a=\'a\' b=&quot;b&quot;>"></p>',
 	$latte->renderToString('<p onclick="{="foo a=\'a\' b=\"b\">"|noescape}"></p>'),
 );
+
+// comment
+Assert::exception(
+	fn() => $latte->renderToString('<!-- {="-->"|noescape} -->'),
+	Latte\CompileException::class,
+	'Using |noescape is not allowed in this context (on line 1 at column 13)',
+);