
Comments (4)

gboyer commented on May 3, 2024

I was the one that made it generally an error to do this. We found that in Google we had a dozen or so cases where a message was inside a URL, but it was almost all accidental, e.g. someone accidentally made a template kind="uri". (We generally use ?hl parameters for URLs that need to be translated in multiple languages.)

That said, a few others have asked me about this, as some people have translation processes built around URLs that work really well. It is possible to make it work, but it does require a bit more typing. The nice thing about this syntax is that it makes absolutely certain that a "javascript:" URL or something nasty doesn't end up in the final URL, because now the result of the message will go through validation.

{let $translatedUrl kind="text"}
{msg desc="Kinja Help URL - Token call failed"}http://help.gawker.com/customer/portal/articles/1794410-why-am-i-receiving-a-post-save-error-{/msg}
{/let}
<a class="icon icon-question-circle hover-icon icon-append help-link" href="{$translatedUrl}" target="_blank">

from closure-templates.

ClaireNeveu commented on May 3, 2024

Thanks @gboyer that solution works for our situation. Is there a migration guide or a changelog somewhere that indicates the changes necessary to upgrade from the 2012 to the 2015 version of Closure Templates?


gboyer commented on May 3, 2024

One of the biggest changes is that since then, the default autoescape mode has changed from "true" (which is now deprecated-noncontextual) to "strict" (which is now also the default). Strict autoescaping also bans noAutoescape, instead requiring anything that needs to be printed without escaping to be passed into Soy as a SanitizedContent object, or passed between templates as a kind="html" parameter block. Or, you can leave things the way they are and use deprecated-noncontextual escaping, but with a higher risk of XSS.

We now push about every week, so I can't guarantee the total set of changes; a lot of changes are small but might still affect people. The messages change is one of the smallest changes we've made. In the last few weeks certain kinds of URL patterns have also been banned because it turned out there was no way for Soy to escape them correctly, and before it was just silently escaping them incorrectly. There have been some recent fixes to the language implementation, new backends, and more, too.


ClaireNeveu commented on May 3, 2024

Thanks again, @gboyer; deprecated-noncontextual will make it easier for us to make this upgrade in small steps.

