Cypherpunks repositories - gostls13.git/commit
[release-branch.go1.22] html/template: escape additional tokens in MarshalJSON errors
author Roland Shoemaker <roland@golang.org>
Thu, 15 Feb 2024 01:18:36 +0000 (17:18 -0800)
committer Carlos Amedee <carlos@golang.org>
Wed, 28 Feb 2024 19:53:38 +0000 (19:53 +0000)
commit 056b0edcb8c152152021eebf4cf42adbfbe77992
tree b1262b5f4d34f0051327da4cd8fdfad8d463b5d3
parent f73eba76a04f5a4c8a1ba1382c6c4ade7b21e720

Escape "</script" and "<!--" in errors returned from MarshalJSON errors
when attempting to marshal types in script blocks. This prevents any
user controlled content from prematurely terminating the script block.

Updates #65697
Fixes #65969

Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b
Reviewed-on: https://go-review.googlesource.com/c/go/+/564196
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit ccbc725f2d678255df1bd326fa511a492aa3a0aa)
Reviewed-on: https://go-review.googlesource.com/c/go/+/567535
Reviewed-by: Carlos Amedee <carlos@golang.org>
src/html/template/js.go
src/html/template/js_test.go
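
A regression check for the behaviour the commit message describes, as an added example that is not part of the commit or the Go project's code: it renders a value whose MarshalJSON fails inside a script block and counts how many script end tags reach the output. The `failing` type, the template and the sample error strings are constructed for illustration; on a toolchain that includes this fix, the only `</script` in the output is the template's own closing tag.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"html/template"
	"strings"
)

// failing is a hypothetical type whose MarshalJSON error echoes
// externally influenced text, the case the commit message describes.
type failing struct{ msg string }

func (f failing) MarshalJSON() ([]byte, error) { return nil, errors.New(f.msg) }

// page is a constructed template that places a value in a script block.
var page = template.Must(template.New("page").Parse(
	"<script>var v = {{.}};</script>"))

// render executes the template with a value whose marshalling fails
// with the given error text and returns the generated HTML.
func render(errText string) (string, error) {
	var buf bytes.Buffer
	err := page.Execute(&buf, failing{msg: errText})
	return buf.String(), err
}

// scriptEndTags counts "</script" sequences the way an HTML parser
// matches them: case-insensitively and without regard to JS comments.
func scriptEndTags(html string) int {
	return strings.Count(strings.ToLower(html), "</script")
}

func main() {
	// Constructed sample inputs, one per token named in the commit message.
	for _, in := range []string{"bad </script><b>x</b>", "bad <!-- x"} {
		out, err := render(in)
		if err != nil {
			fmt.Println("execute error:", err)
			continue
		}
		fmt.Printf("end tags=%d contains raw input=%v\n%s\n",
			scriptEndTags(out), strings.Contains(out, in), out)
	}
}
```
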