Cypherpunks.ru repositories - gostls13.git/commit
[release-branch.go1.20] html/template: support HTML-like comments in script contexts
author Roland Shoemaker <bracewell@google.com>
Thu, 3 Aug 2023 19:24:13 +0000 (12:24 -0700)
committer Cherry Mui <cherryyz@google.com>
Wed, 6 Sep 2023 14:22:29 +0000 (14:22 +0000)
commit 023b542edf38e2a1f87fcefb9f75ff2f99401b4c
tree 5e3155edbf5c3f3dd45fce471fcc983a92b88968
parent 612da32fb5e9c1e9641cd55dc269518426057ea9
[release-branch.go1.20] html/template: support HTML-like comments in script contexts

Per Appendix B.1.1 of the ECMAScript specification, support HTML-like
comments in script contexts. Also per section 12.5, support hashbang
comments. This brings our parsing in-line with how browsers treat these
comment types.

Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for
reporting this issue.

Fixes #62196
Fixes #62395
Fixes CVE-2023-39318

Change-Id: Id512702c5de3ae46cf648e268cb10e1eb392a181
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1976593
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2014620
Reviewed-on: https://go-review.googlesource.com/c/go/+/526098
Run-TryBot: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
src/html/template/context.go
src/html/template/escape.go
src/html/template/escape_test.go
src/html/template/state_string.go
src/html/template/transition.go
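
The comment forms named in the commit message above, shown as an added Go sketch; it is not code from this commit or from html/template. `ScanComments` and `Comment` are hypothetical names, and the sketch assumes the input has LF line endings and contains no string, template or regexp literals.

```go
package main

import (
	"fmt"
	"strings"
)

type Comment struct{ Kind, Text string } // one comment found in a script body

// ScanComments lists the comments in src. Besides // and /* */ it treats "<!--"
// and a line-leading "-->" as single-line comments, and "#!" at offset 0 as a
// hashbang comment. Assumed: LF line endings, no string/template/regexp literals.
func ScanComments(src string) (out []Comment) {
	lineStart := true // only whitespace or comments so far on this line
	for i := 0; i < len(src); {
		rest, kind, end := src[i:], "", "\n"
		switch {
		case i == 0 && strings.HasPrefix(rest, "#!"):
			kind = "hashbang"
		case strings.HasPrefix(rest, "//"):
			kind = "line"
		case strings.HasPrefix(rest, "<!--"):
			kind = "html-open"
		case lineStart && strings.HasPrefix(rest, "-->"):
			kind = "html-close"
		case strings.HasPrefix(rest, "/*"):
			kind, end = "block", "*/"
		}
		if kind == "" { // ordinary byte: update the line-start flag and move on
			if c := src[i]; c == '\n' || !strings.ContainsRune(" \t\r", rune(c)) {
				lineStart = c == '\n'
			}
			i++
			continue
		}
		n := len(rest) // an unterminated comment runs to the end of input
		if j := strings.Index(rest[2:], end); j >= 0 {
			n = 2 + j + len(end) // every opener is at least 2 bytes long
		}
		out = append(out, Comment{kind, strings.TrimSuffix(rest[:n], "\n")})
		lineStart = lineStart || strings.Contains(rest[:n], "\n")
		i += n
	}
	return out
}

func main() {
	fmt.Printf("%q\n", ScanComments("x = 1 <!-- constructed sample\n--> y\nz = a --> 0\n"))
}
```

In the sample passed to `main`, `a --> 0` is reported as code rather than as a comment, because `-->` only opens a comment when nothing but whitespace or comments precedes it on the line.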