Skip to content

Stop using html/template in U2M OAuth callback to restore linker DCE (fixes #343)#389

Closed
vikrantpuppala wants to merge 2 commits into
mainfrom
fix/343-html-template-dce
Closed

Stop using html/template in U2M OAuth callback to restore linker DCE (fixes #343)#389
vikrantpuppala wants to merge 2 commits into
mainfrom
fix/343-html-template-dce

Conversation

@vikrantpuppala

Copy link
Copy Markdown
Collaborator

Summary

Reachable use of the stdlib html/template in package auth/oauth/u2m disabled the Go linker's public dead-code elimination (DCE) for the entire binary of any application that imports databricks-sql-go. html/template builds on text/template, whose reflection-based field evaluation forces the linker to retain code it would otherwise strip. This bloats consumer binaries — up to ~20% (40 MB) in multi-library binaries like xo/usql, as reported in #343.

This PR rewrites the mostly-static OAuth callback page as plain string building with explicit html.EscapeString on the dynamic fields (the same approach xo/tblfmt used for a similar issue), removing html/template/text/template from the reachable graph. The now-unused embedded templates/simple.html is deleted.

The dynamic fields remain HTML-escaped, so the escaping behavior of the previous html/template implementation is preserved.

Impact

Measured with a minimal main.go that imports the driver (the repro from the issue):

Before After
text/template/html/template symbols (go tool nm) 615 0
Binary size 23.7 MB 14.4 MB (~39% smaller)

The size delta is larger than the driver's own footprint because re-enabling DCE benefits the whole binary, including other libraries.

Test plan

  • Added auth/oauth/u2m/html_template_test.go:
    • TestRenderHTML (table-driven): basic field rendering + escaping of <, >, &, "; the conditional action-link block; the conditional code block; and that each page is a complete, well-formed document.
    • TestInfoHTML: success page title/heading/content, no code block.
    • TestErrorHTML: error page title and that the error message is HTML-escaped (no raw <script> leaks through).
  • go build ./..., go vet ./auth/oauth/u2m/, and gofmt -l are all clean.
  • go test ./auth/oauth/u2m/ passes.
  • Verified via go tool nm on a consumer binary that the template symbols are gone (615 → 0) and the binary shrinks as shown above.

Notes

  • No other html/template or text/template usages exist in the codebase — this was the sole occurrence of the pattern.
  • CHANGELOG updated under an Unreleased section.

Closes #343

This pull request and its description were written by Isaac.

The README documented only PAT (token:) authentication and a handful of
connection parameters, with no guidance on several options that the
driver already supports and doc.go already lists.

Add a consolidated 'Supported connection parameters' table (catalog,
schema, maxRows, timeout, userAgentEntry, useCloudFetch,
maxDownloadThreads, authType, accessToken, clientID, clientSecret) and
worked DSN examples for:
  - OAuth machine-to-machine auth (clientID/clientSecret)
  - OAuth user-to-machine auth (authType=OauthU2M)
  - setting the user agent (userAgentEntry)

Docs-only change; parameter names, defaults, and behavior verified
against internal/config/config.go and its existing tests.

Closes #196

Signed-off-by: Vikrant Puppala <vikrant.puppala@databricks.com>
Reachable use of html/template in auth/oauth/u2m disabled the Go linker's
dead-code elimination for the entire binary of any application importing
this driver, significantly increasing binary size (up to ~20% in
multi-library binaries).

Rewrite the mostly-static OAuth callback page as plain string building
with explicit html.EscapeString for the dynamic fields, removing the
html/template (and transitively text/template) dependency from the
reachable graph. In a minimal binary importing the driver this drops
text/template symbols from 615 to 0 and shrinks the binary by ~39%.

Delete the now-unused embedded templates/simple.html and add tests
covering rendering and HTML escaping.

Closes #343

Co-authored-by: Isaac
Signed-off-by: Vikrant Puppala <vikrant.puppala@databricks.com>
@vikrantpuppala

Copy link
Copy Markdown
Collaborator Author

Superseded by #390, which is branched cleanly off main (this branch accidentally included an unrelated README commit from docs/196-dsn-parameters).

@vikrantpuppala vikrantpuppala deleted the fix/343-html-template-dce branch July 8, 2026 06:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

HTML template in auth/oauth/u2m disables public dead code elimination for the whole application

1 participant