From 2132925b88b34dfe6ceecfc58c752d9ed315b832 Mon Sep 17 00:00:00 2001
From: Hajime Hoshi <hajimehoshi@gmail.com>
Date: Mon, 2 Feb 2015 02:34:01 +0900
Subject: [PATCH] doc: Escape HTML comments properly

---
 _docs/gen.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/_docs/gen.go b/_docs/gen.go
index 6508ce620..878a95c64 100644
--- a/_docs/gen.go
+++ b/_docs/gen.go
@@ -83,7 +83,23 @@ func init() {
 }
 
 func comment(text string) template.HTML {
-	// TODO: text should be escaped
+	// http://www.w3.org/TR/html-markup/syntax.html#comments
+	// The text part of comments has the following restrictions:
+	// * must not start with a ">" character
+	// * must not start with the string "->"
+	// * must not contain the string "--"
+	// * must not end with a "-" character
+
+	for strings.HasPrefix(text, ">") {
+		text = text[1:]
+	}
+	for strings.HasPrefix(text, "->") {
+		text = text[2:]
+	}
+	text = strings.Replace(text, "--", "", -1)
+	for strings.HasSuffix(text, "-") {
+		text = text[:len(text)-1]
+	}
 	return template.HTML("<!--\n" + text + "\n-->")
 }