autoescape="contextual"

[Nick Santos]

The documentation on closure-templates security talks about
autoescape="contextual" and autoescape="false"
https://developers.google.com/closure/templates/docs/security

but, AFAICT, these no longer work.
https://github.com/google/closure-templates/blob/master/java/src/com/google/template/soy/soytree/AutoescapeMode.java#L32

can somebody update the documentation?

Nick

[Brendan Linn]

Sure. Should we just update autoescape="contextual" to autoescape="deprecated-contextual" in the docs? The docs already say that contextual is deprecated.

[Garry Boyer]

And when possible discourage it.

On Wed, Nov 19, 2014 at 2:26 PM, Brendan Linn <brenda...@gmail.com> wrote:

Sure. Should we just update autoescape="contextual" to autoescape="deprecated-contextual" in the docs? The docs already say that contextual is deprecated.

--

---
You received this message because you are subscribed to the Google Groups "Closure Templates Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to closure-templates-...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Talin]

One thing we're discussing is how to improve the way we maintain the documentation for closure templates. Currently the docs are:

• not part of the open source release.
• are stored in a different part of the repository than the rest of the code.
• are raw HTML which must be edited by hand.
  
• have an internal and external version, which are 95% the same and have to be kept in sync manually. (Most of the differences are non-semantic: different format for link URLs, different header / footer / ToC, different page styling, etc. Only a few places actually refer to internal Google policies or technologies which would not be useful / interesting to external users.)
• can only be published to the world via a complex, arcane process which only a handful of people know how to do.
• have no way to accept contributions from external users.

I would be interested in hearing ideas from closure templates users as to how this situation might be improved. 

Nick

--

---
You received this message because you are subscribed to the Google Groups "Closure Templates Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to closure-templates-...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

-- Talin

[Jaron Heinz]

While the documentation does look really nice with the Google styling, I’m not sure you can solve most of these problems without either open sourcing the Google styling (probably ill-advised), or just having a separate « Google Open Source » styling/templating that can be open sourced.

Alternatively, use github wiki pages, but those looks really awful and I personally find the user experience on them terrible.

[Johannes Nel]

just getting something out there for the new stuff would be handy. in our upgrade we have to read through the code to see what is going on and what the options are. Better examples (on github) might be an easy start.

[Rob Figueiredo]

How about

• Create a set of Soy templates that generate both versions of the docs.  They can be factored however makes sense for the sharing you want to do.  Presumably soy expressions are enough to express the differences in URLs, etc. 
  
• Create a script to compile them into the HTML sites
  
• Manually check them in somewhere or deploy them (this could be the step where you review changes in the generated output to ensure internal parts have not accidentally leaked to the external site)