]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 263ba3a)
html/template: ignore case when handling type attribute in script element
authorSamuel Tan <samueltan@google.com>
Thu, 13 Apr 2017 17:57:04 +0000 (10:57 -0700)
committerBrad Fitzpatrick <bradfitz@golang.org>
Thu, 20 Apr 2017 18:53:09 +0000 (18:53 +0000)
Convert the parsed attribute name to lowercase before checking its value in
the HTML parser state machine. This ensures that the type attribute in
the script element is handled in a case-sensitive manner, just like all
other attribute names.

Fixes #19965

Change-Id: I806d8c62aada2c3b5b4328aff75f217ea60cb339
Reviewed-on: https://go-review.googlesource.com/40650
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
src/html/template/attr.go patch | blob | history
src/html/template/escape_test.go patch | blob | history
src/html/template/transition.go patch | blob | history

diff --git a/src/html/template/attr.go b/src/html/template/attr.go
index d65d340073d8291edeed12ad9e4c2fa4e6af7db1..7438f51f6a9505addb42025fa3b2f087075b58cd 100644 (file)
--- a/src/html/template/attr.go
+++ b/src/html/template/attr.go
@@ -135,9 +135,8 @@ var attrTypeMap = map[string]contentType{
 }
 
 // attrType returns a conservative (upper-bound on authority) guess at the
-// type of the named attribute.
+// type of the lowercase named attribute.
 func attrType(name string) contentType {
-       name = strings.ToLower(name)
        if strings.HasPrefix(name, "data-") {
                // Strip data- so that custom attribute heuristics below are
                // widely applied.
diff --git a/src/html/template/escape_test.go b/src/html/template/escape_test.go
index 0a6a9e49c7c40a10b1f23cf23a222c908ed32d30..43869276c03a6121fb5f59c9661b892e6cf503c9 100644 (file)
--- a/src/html/template/escape_test.go
+++ b/src/html/template/escape_test.go
@@ -1404,6 +1404,11 @@ func TestEscapeText(t *testing.T) {
                        `<script type="TEXT/JAVASCRIPT">`,
                        context{state: stateJS, element: elementScript},
                },
+               // covering issue 19965
+               {
+                       `<script TYPE="text/template">`,
+                       context{state: stateText},
+               },
                {
                        `<script type="notjs">`,
                        context{state: stateText},
diff --git a/src/html/template/transition.go b/src/html/template/transition.go
index 4a4716d782043d22a79a44c5733a524a583cb323..5d34d6947e94cd958eccbdda8d96d27be061d62d 100644 (file)
--- a/src/html/template/transition.go
+++ b/src/html/template/transition.go
@@ -106,7 +106,7 @@ func tTag(c context, s []byte) (context, int) {
                }, len(s)
        }
 
-       attrName := string(s[i:j])
+       attrName := strings.ToLower(string(s[i:j]))
        if c.element == elementScript && attrName == "type" {
                attr = attrScriptType
        } else {
Go GOST TLS 1.3