People sometimes expect Join to trim .. components from its arguments
before joining, and are surprised that it doesn't. This is bad if they
were relying on that assumed behaviour to prevent directory traversal
attacks.
While a careful reading of the documentation for Join and Clean
might dispel this notion, it is not obvious at first glance.
Add a case to the examples to nudge people in the right direction.
Updates #40373
Change-Id: Ib5792c12ba1000811a0c0eb77048196d0b26da60
Reviewed-on: https://go-review.googlesource.com/c/go/+/249177
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Rob Pike <r@golang.org>
fmt.Println(path.Join("a", "b", "c"))
fmt.Println(path.Join("a", "b/c"))
fmt.Println(path.Join("a/b", "c"))
+
+ fmt.Println(path.Join("a/b", "../../../xyz"))
+
fmt.Println(path.Join("", ""))
fmt.Println(path.Join("a", ""))
fmt.Println(path.Join("", "a"))
+
// Output:
// a/b/c
// a/b/c
// a/b/c
+ // ../xyz
//
// a
// a
fmt.Println(filepath.Join("a", "b/c"))
fmt.Println(filepath.Join("a/b", "c"))
fmt.Println(filepath.Join("a/b", "/c"))
+
+ fmt.Println(filepath.Join("a/b", "../../../xyz"))
+
// Output:
// On Unix:
// a/b/c
// a/b/c
// a/b/c
// a/b/c
+ // ../xyz
}
func ExampleMatch() {