[Validator] Template attribute values in data-* attributes not validated #3460
Closed
Description
The following template attribute values correctly generate validation errors:
<template type="amp-mustache">
<!-- validation error: UNESCAPED_TEMPLATE_IN_ATTR_VALUE -->
<div class="{{{ hello }}}"></div>
<!-- validation error: TEMPLATE_PARTIAL_IN_ATTR_VALUE -->
<p class="{{ >testing }}}"></p>
</template>
These errors are triggered by validateAttrValueBelowTemplateTag().
Interestingly, the following will not trigger any validation error:
<template type="amp-mustache">
<!-- no validation error -->
<div data-message="{{{ hello }}}"></div>
<!-- no validation error -->
<p data-message="{{ >testing }}}"></p>
</template>
This is because data-* attribute values are not validated at all (data-* attribute names are validated, though); see validateAttrNotFoundInSpec().
Is this behaviour correct? Should we not also check whether data-* values are correct when they are underneath template tags?
This seems to contradict the comment "We disallow these in attribute values" (see below):
static valueHasUnescapedTemplateSyntax(value) {
// Mustache (https://mustache.github.io/mustache.5.html), our template
// system, supports {{{unescaped}}} or {{{&unescaped}}} and there can
// be whitespace after the 2nd '{'. We disallow these in attribute Values.
const unescapedOpenTag = new RegExp('{{\\s*[&{]');
return unescapedOpenTag.test(value);
}
Another contradiction: "We disallow partials in attribute values", as partials are allowed in data-* (see below):
static valueHasPartialsTemplateSyntax(value) {
// Mustache (https://mustache.github.io/mustache.5.html), our template
// system, supports 'partials' which include other Mustache templates
// in the format of {{>partial}} and there can be whitespace after the {{.
// We disallow partials in attribute values.
const partialsTag = new RegExp('{{\\s*>');
return partialsTag.test(value);
}
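The gap reported above, as an added example that is not part of the original issue and is not the validator's own code: it applies the two regexes and the two error codes quoted in the issue to every attribute of an element below a template tag, once with data-* values skipped (the behaviour reported) and once with them checked. The function name `checkAttrsBelowTemplate`, the `skipDataAttrs` option and the sample attribute list are assumptions made for illustration.

```javascript
// Added example: models the gap described in this issue. All names other
// than the two regexes and the two error codes are hypothetical.
const UNESCAPED_OPEN_TAG = /{{\s*[&{]/;  // matches {{{x}}} and {{&x}}
const PARTIALS_TAG = /{{\s*>/;           // matches {{>partial}}

/**
 * Check the attributes of one element that sits below <template>.
 * @param {Array<{name: string, value: string}>} attrs
 * @param {{skipDataAttrs: boolean}} opts skipDataAttrs=true mimics the
 *   reported behaviour, where data-* values are never inspected.
 * @return {Array<{attr: string, code: string}>}
 */
function checkAttrsBelowTemplate(attrs, opts = {skipDataAttrs: false}) {
  const errors = [];
  for (const {name, value} of attrs) {
    const isDataAttr = name.toLowerCase().startsWith('data-');
    if (isDataAttr && opts.skipDataAttrs) continue;
    if (UNESCAPED_OPEN_TAG.test(value)) {
      errors.push({attr: name, code: 'UNESCAPED_TEMPLATE_IN_ATTR_VALUE'});
    }
    if (PARTIALS_TAG.test(value)) {
      errors.push({attr: name, code: 'TEMPLATE_PARTIAL_IN_ATTR_VALUE'});
    }
  }
  return errors;
}

// Constructed sample input mirroring the snippets in the issue.
const SAMPLE_ATTRS = [
  {name: 'class', value: '{{{ hello }}}'},
  {name: 'class', value: '{{ >testing }}}'},
  {name: 'data-message', value: '{{{ hello }}}'},
  {name: 'data-message', value: '{{ >testing }}}'},
  {name: 'data-id', value: '{{ id }}'},  // escaped variable: no error
];

// Run both modes so the difference is visible side by side.
function demo() {
  return {
    reported: checkAttrsBelowTemplate(SAMPLE_ATTRS, {skipDataAttrs: true}),
    strict: checkAttrsBelowTemplate(SAMPLE_ATTRS, {skipDataAttrs: false}),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In the reported mode only the two `class` values are flagged; with data-* values checked, the two `data-message` values are flagged as well and the escaped `{{ id }}` value still passes.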