Cypherpunks.ru repositories - gostls13.git/commit

author	Roland Shoemaker <bracewell@google.com>
	Tue, 11 Apr 2023 15:27:43 +0000 (16:27 +0100)
committer	Carlos Amedee <carlos@golang.org>
	Tue, 2 May 2023 16:35:35 +0000 (16:35 +0000)
commit	4a28cad66655ee01c6e944271e23c33cab021765
tree	7a203820ddf23d054584b7774919b882c9770797	tree
parent	090590fdccc8442728aa31601927da1bf2ef1288	commit \| diff

[release-branch.go1.20] html/template: handle all JS whitespace characters

Rather than just a small set. Character class as defined by \s [0].

Thanks to Juho Nurminen of Mattermost for reporting this.

For #59721
Fixes #59814
Fixes CVE-2023-24540

[0] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Character_Classes

Change-Id: I56d4fa1ef08125b417106ee7dbfb5b0923b901ba
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1821459
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851493
TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/491356
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

src/html/template/js.go		diff \| blob \| history
src/html/template/js_test.go		diff \| blob \| history