Cypherpunks.ru repositories - gostls13.git/commit
[release-branch.go1.21] html/template: support HTML-like comments in script contexts
author Roland Shoemaker <bracewell@google.com>
Thu, 3 Aug 2023 19:24:13 +0000 (12:24 -0700)
committer Cherry Mui <cherryyz@google.com>
Wed, 6 Sep 2023 14:20:08 +0000 (14:20 +0000)
commit b0e1d3ea26e8e8fce7726690c9ef0597e60739fb
tree 4409b56fce5544b363cc9ad24e9ffdaa24994bb1
parent d25a935574efd573668d8ce9ea4cfc530bb63ecb

Per Appendix B.1.1 of the ECMAScript specification, support HTML-like
comments in script contexts. Also per section 12.5, support hashbang
comments. This brings our parsing in line with how browsers treat these
comment types.

Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for
reporting this issue.

Fixes #62196
Fixes #62396
Fixes CVE-2023-39318

Change-Id: Id512702c5de3ae46cf648e268cb10e1eb392a181
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1976593
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2014618
Reviewed-on: https://go-review.googlesource.com/c/go/+/526096
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Cherry Mui <cherryyz@google.com>
src/html/template/context.go
src/html/template/escape.go
src/html/template/escape_test.go
src/html/template/state_string.go
src/html/template/transition.go
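
The comment forms named in the commit message (HTML-like comments from Annex B.1.1 and hashbang comments), as an added Go example that is not code from this commit or from html/template: a simplified scanner, with the hypothetical names `StripLineComments` and `lineStart`, that drops the text a browser treats as a single-line comment in a classic script. It assumes `\n` line endings and tracks only quoted string literals.

```go
package main

import (
	"fmt"
	"strings"
)

// lineStart reports whether only spaces or tabs precede src[i] on its line.
func lineStart(src string, i int) bool {
	line := src[strings.LastIndexByte(src[:i], '\n')+1 : i]
	return strings.TrimLeft(line, " \t") == ""
}

// StripLineComments drops every single-line comment a browser skips in a
// classic script: //, <!--, --> at the start of a line, and a leading #!.
// Simplification: only '...' and "..." literals are tracked; template
// literals, regexps and /* */ comments are not.
func StripLineComments(src string) string {
	var out strings.Builder
	var quote byte // 0 while outside a string literal
	for i := 0; i < len(src); i++ {
		c, rest := src[i], src[i:]
		switch {
		case quote != 0:
			if c == '\\' && i+1 < len(src) {
				out.WriteByte(c) // keep the backslash and the escaped byte
				i++
				c = src[i]
			} else if c == quote {
				quote = 0
			}
		case c == '"' || c == '\'':
			quote = c
		case strings.HasPrefix(rest, "//"), strings.HasPrefix(rest, "<!--"),
			strings.HasPrefix(rest, "-->") && lineStart(src, i),
			strings.HasPrefix(rest, "#!") && i == 0:
			i += strings.IndexByte(rest+"\n", '\n') - 1 // skip to end of line, keep the newline
			continue
		}
		out.WriteByte(c)
	}
	return out.String()
}

func main() {
	// Constructed sample input, not taken from the commit or its tests.
	src := "#!/usr/bin/env node\nvar a = 1; <!-- var b = 2;\n  --> var c = 3;\nvar d = a --> 0;\n"
	fmt.Print(StripLineComments(src))
}
```

In the sample, `var b = 2` and `var c = 3` never execute, while the mid-line `a --> 0` stays code (`a-- > 0`); an escaper that tracks JavaScript context has to draw the same boundaries.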