From: Mike Samuel <mikesamuel@gmail.com>
Date: Wed, 28 Sep 2011 20:32:56 +0000 (-0700)
Subject: exp/template/html: don't normalize '<' in doctypes.
X-Git-Tag: weekly.2011-10-06~70
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=582bb304662f2da08f99bf7d05d3fbb634bb531b;p=gostls13.git

exp/template/html: don't normalize '<' in doctypes.

The normalization that prevents element name and comment injection in
  <{{.}}
by converting it to
  &lt;{{.}}
breaks
  <!DOCTYPE html>

Instead of splitting states to have a start of document state and a text
state, I whitelist <!DOCTYPE.

R=nigeltao
CC=golang-dev
https://golang.org/cl/5131051
---

diff --git a/src/pkg/exp/template/html/escape.go b/src/pkg/exp/template/html/escape.go
index bb286c8844..c43a16425f 100644
--- a/src/pkg/exp/template/html/escape.go
+++ b/src/pkg/exp/template/html/escape.go
@@ -549,6 +549,8 @@ var delimEnds = [...]string{
 	delimSpaceOrTagEnd: " \t\n\f\r>",
 }
 
+var doctypeBytes = []byte("<!DOCTYPE")
+
 // escapeText escapes a text template node.
 func (e *escaper) escapeText(c context, n *parse.TextNode) context {
 	s, written, i, b := n.Text, 0, 0, new(bytes.Buffer)
@@ -566,7 +568,7 @@ func (e *escaper) escapeText(c context, n *parse.TextNode) context {
 				}
 			}
 			for j := i; j < end; j++ {
-				if s[j] == '<' {
+				if s[j] == '<' && !bytes.HasPrefix(s[j:], doctypeBytes) {
 					b.Write(s[written:j])
 					b.WriteString("&lt;")
 					written = j + 1
diff --git a/src/pkg/exp/template/html/escape_test.go b/src/pkg/exp/template/html/escape_test.go
index c464459165..0ca3c56619 100644
--- a/src/pkg/exp/template/html/escape_test.go
+++ b/src/pkg/exp/template/html/escape_test.go
@@ -420,6 +420,16 @@ func TestEscape(t *testing.T) {
 			"a<<!-- --><!-- -->b",
 			"a&lt;b",
 		},
+		{
+			"HTML doctype not normalized",
+			"<!DOCTYPE html>Hello, World!",
+			"<!DOCTYPE html>Hello, World!",
+		},
+		{
+			"No doctype injection",
+			`<!{{"DOCTYPE"}}`,
+			"&lt;!DOCTYPE",
+		},
 		{
 			"Split HTML comment",
 			"<b>Hello, <!-- name of {{if .T}}city -->{{.C}}{{else}}world -->{{.W}}{{end}}</b>",