]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: dfffc7a) | patch
exp/template: escape < and > in JS escaper.
authorDavid Symonds <dsymonds@golang.org>
Thu, 14 Jul 2011 02:02:58 +0000 (12:02 +1000)
committerDavid Symonds <dsymonds@golang.org>
Thu, 14 Jul 2011 02:02:58 +0000 (12:02 +1000)
commita16ad6fe0fbd551b853f2585484de2d0b1f04e7d
tree020e5a8eeed7fae3f488a3a38f8ab6fb19656cd6tree
parentdfffc7a5d5b9436ce5c1c59cda53d19393fa7041commit | diff
exp/template: escape < and > in JS escaper.

Angle brackets can trigger some browser sniffers,
causing some output to be interpreted as HTML.
Escaping angle brackets closes that security hole.

R=r
CC=golang-dev
https://golang.org/cl/4714044
src/pkg/exp/template/exec_test.go diff | blob | history
src/pkg/exp/template/funcs.go diff | blob | history
Go GOST TLS 1.3