raducotescu
commented
6 years ago @kwin, the scriptContext can only be used for Identifiers and String and Numeric literals. JavaScript templates conflict with HTL expressions (so it's extremely difficult to validate something like that) and Punctuators are not something you'd really want to output as a single token from HTL I guess.
I'll add this piece of info to the specification.
kwin
Currently the only description for the context
scriptContextis(https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#121-display-context)
What exactly is considered a JavaScript token here? Does it refer to https://www.ecma-international.org/ecma-262/8.0/index.html#prod-CommonToken? If so, then the implementation does not accept everything which is considered a common token according to the spec (e.g.
{is a valid common token according to ECMA, defined inPunctuator, but not accepted by https://github.com/apache/sling-org-apache-sling-xss/blob/43947bd638d73e4595dea49972049e560c409b06/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L257).