]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: fc1f0bd) | patch
json: escape < and > in any JSON string.
authorDavid Symonds <dsymonds@golang.org>
Thu, 14 Jul 2011 03:30:08 +0000 (13:30 +1000)
committerDavid Symonds <dsymonds@golang.org>
Thu, 14 Jul 2011 03:30:08 +0000 (13:30 +1000)
commitcbad580e9cd42f27a9db7f4b096ee0d07dedb619
tree69a2a110d9e20a6c2e56e59edf7b58bfda626669tree
parentfc1f0bd5e90119278f71cb468bb02a4ecf9d37accommit | diff
json: escape < and > in any JSON string.

Angle brackets can trigger some browser sniffers, causing
some forms of JSON output to be interpreted as HTML.
Escaping angle brackets closes that security hole.

R=rsc
CC=golang-dev
https://golang.org/cl/4701047
src/pkg/json/decode_test.go diff | blob | history
src/pkg/json/encode.go diff | blob | history
Go GOST TLS 1.3