Cypherpunks.ru repositories - gostls13.git/commit
[release-branch.go1.21] html/template: escape additional tokens in MarshalJSON errors
author Roland Shoemaker <roland@golang.org>
Thu, 15 Feb 2024 01:18:36 +0000 (17:18 -0800)
committer Carlos Amedee <carlos@golang.org>
Wed, 28 Feb 2024 19:53:41 +0000 (19:53 +0000)
commit 3643147a29352ca2894fd5d0d2069bc4b4335a7e
tree 4964f8a3a9d1f0e47e8aa2276167e14ae40c3c22
parent 3a588774a586e281c636465b4353b617e1174a70
[release-branch.go1.21] html/template: escape additional tokens in MarshalJSON errors

Escape "</script" and "<!--" in errors returned from MarshalJSON errors
when attempting to marshal types in script blocks. This prevents any
user controlled content from prematurely terminating the script block.

Updates #65697
Fixes #65968

Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b
Reviewed-on: https://go-review.googlesource.com/c/go/+/564196
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit ccbc725f2d678255df1bd326fa511a492aa3a0aa)
Reviewed-on: https://go-review.googlesource.com/c/go/+/567515
Reviewed-by: Carlos Amedee <carlos@golang.org>
src/html/template/js.go
src/html/template/js_test.go
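
A regression check for the behaviour the commit message describes, added here as an example and not taken from the commit or the Go project. The type `rejected`, the helpers `renderInScript` and `strayTokens`, and the sample input are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"html/template"
	"strings"
)

// rejected is a hypothetical type whose MarshalJSON fails and echoes
// caller-supplied text in the error, the situation the commit message describes.
type rejected struct{ input string }

func (r rejected) MarshalJSON() ([]byte, error) {
	return nil, errors.New("cannot encode " + r.input)
}

// renderInScript executes a template that places v inside a script block.
func renderInScript(v any) (string, error) {
	t, err := template.New("page").Parse("<script>var v = {{.}};</script>")
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, v); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// strayTokens counts "</script" and "<!--" occurrences in rendered output
// beyond the single closing tag that the template itself contributes.
func strayTokens(out string) int {
	low := strings.ToLower(out)
	return strings.Count(low, "</script") - 1 + strings.Count(low, "<!--")
}

func main() {
	// Constructed sample input containing both tokens named in the commit message.
	out, err := renderInScript(rejected{input: "</script><!-- constructed sample"})
	if err != nil {
		fmt.Println("render failed:", err)
		return
	}
	fmt.Println(out)
	fmt.Println("stray tokens:", strayTokens(out)) // 0 on a toolchain that includes this change
}
```

A non-zero count means the error text reached the script block unescaped, which indicates a toolchain that predates this change.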