]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a200931)
[release-branch.go1] html, exp/html: escape ' and " as ' and ", since IE8 and
authorNigel Tao <nigeltao@golang.org>
Wed, 11 Apr 2012 23:35:43 +0000 (09:35 +1000)
committerNigel Tao <nigeltao@golang.org>
Wed, 11 Apr 2012 23:35:43 +0000 (09:35 +1000)
««« backport a70135896879
html, exp/html: escape ' and " as &#39; and &#34;, since IE8 and
below do not support &apos;.

This makes package html consistent with package text/template's
HTMLEscape function.

Fixes #3489.

R=rsc, mikesamuel, dsymonds
CC=golang-dev
https://golang.org/cl/5992071
»»»

src/pkg/html/escape.go patch | blob | history
src/pkg/net/http/server.go patch | blob | history
src/pkg/text/template/funcs.go patch | blob | history

diff --git a/src/pkg/html/escape.go b/src/pkg/html/escape.go
index fee771a5784e200eb47d42072ebb463e78aaaef9..24cb7af85240ff6cdec990aaa15891c05547019f 100644 (file)
--- a/src/pkg/html/escape.go
+++ b/src/pkg/html/escape.go
@@ -210,13 +210,15 @@ func escape(w writer, s string) error {
                case '&':
                        esc = "&amp;"
                case '\'':
-                       esc = "&apos;"
+                       // "&#39;" is shorter than "&apos;" and apos was not in HTML until HTML5.
+                       esc = "&#39;"
                case '<':
                        esc = "&lt;"
                case '>':
                        esc = "&gt;"
                case '"':
-                       esc = "&quot;"
+                       // "&#34;" is shorter than "&quot;".
+                       esc = "&#34;"
                default:
                        panic("unrecognized escape character")
                }
@@ -231,7 +233,7 @@ func escape(w writer, s string) error {
 }
 
 // EscapeString escapes special characters like "<" to become "&lt;". It
-// escapes only five such characters: amp, apos, lt, gt and quot.
+// escapes only five such characters: <, >, &, ' and ".
 // UnescapeString(EscapeString(s)) == s always holds, but the converse isn't
 // always true.
 func EscapeString(s string) string {
diff --git a/src/pkg/net/http/server.go b/src/pkg/net/http/server.go
index 228ac401968182fe6b4c2a42588892b322f0fec7..924ffd348156e030a98e227ec4bb5691761af46e 100644 (file)
--- a/src/pkg/net/http/server.go
+++ b/src/pkg/net/http/server.go
@@ -785,8 +785,10 @@ var htmlReplacer = strings.NewReplacer(
        "&", "&amp;",
        "<", "&lt;",
        ">", "&gt;",
-       `"`, "&quot;",
-       "'", "&apos;",
+       // "&#34;" is shorter than "&quot;".
+       `"`, "&#34;",
+       // "&#39;" is shorter than "&apos;" and apos was not in HTML until HTML5.
+       "'", "&#39;",
 )
 
 func htmlEscape(s string) string {
diff --git a/src/pkg/text/template/funcs.go b/src/pkg/text/template/funcs.go
index 525179cb499839a8a0e853d94e3dfe9b5bf3871f..8fbf0ef50a765eac21e96f1524c0f0936368c24e 100644 (file)
--- a/src/pkg/text/template/funcs.go
+++ b/src/pkg/text/template/funcs.go
@@ -246,7 +246,7 @@ func not(arg interface{}) (truth bool) {
 
 var (
        htmlQuot = []byte("&#34;") // shorter than "&quot;"
-       htmlApos = []byte("&#39;") // shorter than "&apos;"
+       htmlApos = []byte("&#39;") // shorter than "&apos;" and apos was not in HTML until HTML5
        htmlAmp  = []byte("&amp;")
        htmlLt   = []byte("&lt;")
        htmlGt   = []byte("&gt;")
Go GOST TLS 1.3