Mike Samuel [Thu, 22 Sep 2011 04:38:40 +0000 (21:38 -0700)]
exp/template/html: elide comments in template source.
When templates are stored in external files, developers often embed
comments to explain&|disable code.
<!-- Oblique reference to project code name here -->
{{if .C}}...{{else}}<!-- commented out default -->{{end}}
This unnecessarily increases the size of shipped HTML and can leak
information.
This change elides all comments of the following types:
1. <!-- ... --> comments found in source.
2. /*...*/ and // comments found in <script> elements.
3. /*...*/ and // comments found in <style> elements.
It does not elide /*...*/ or // comments found in HTML attributes:
4. <button onclick="/*...*/">
5. <div style="/*...*/">
I can find no examples of comments in attributes in Closure Templates
code and doing so would require keeping track of character positions
post decode in
<button onclick="/*...*/">
To prevent token joining, /*comments*/ are JS and CSS comments are
replaced with a whitespace char.
HTML comments are not, but to prevent token joining we could try to
detect cases like
<<!---->b>
</<!---->b>
which has a well defined meaning in HTML but will cause a validator
to barf. This is difficult, and this is a very minor case.
I have punted for now, but if we need to address this case, the best
way would be to normalize '<' in stateText to '<' consistently.
The whitespace to replace a JS /*comment*/ with depends on whether
there is an embedded line terminator since
break/*
*/foo
...
is equivalent to
break;
foo
...
while
break/**/foo
...
is equivalent to
break foo;
...
Comment eliding can interfere with IE conditional comments.
http://en.wikipedia.org/wiki/Conditional_comment
<!--[if IE 6]>
<p>You are using Internet Explorer 6.</p>
<![endif]-->
/*@cc_on
document.write("You are using IE4 or higher");
@*/
I have not encountered these in production template code, and
the typed content change in CL 4962067 provides an escape-hatch
if conditional comments are needed.
Mike Samuel [Thu, 22 Sep 2011 02:04:41 +0000 (19:04 -0700)]
exp/template/html: simplify transition functions
This simplifies transition functions to make it easier to reliably
elide comments in a later CL.
Before:
- transition functions are responsible for detecting special end tags.
After:
- the code to detect special end tags is done in one place.
We were relying on end tags being skipped which meant we were
not noticing comments inside script/style elements that contain no
substitutions.
This change means we will notice all such comments where necessary,
but stripTags will notice none since it does not need to. This speeds
up stripTags.
Ian Lance Taylor [Thu, 22 Sep 2011 00:25:48 +0000 (17:25 -0700)]
test: match gccgo error messages
bug363.go:13:12: error: invalid context-determined non-integer type for shift operand
bug363.go:16:12: error: invalid context-determined non-integer type for shift operand
pointer.go:34:6: error: incompatible type in initialization (pointer to interface type has no methods)
pointer.go:36:6: error: incompatible type in initialization
method2.go:15:1: error: invalid pointer or interface receiver type
method2.go:16:1: error: invalid pointer or interface receiver type
method2.go:21:1: error: invalid pointer or interface receiver type
method2.go:22:1: error: invalid pointer or interface receiver type
method2.go:28:15: error: type ‘*Val’ has no method ‘val’
method2.go:33:11: error: reference to undefined field or method ‘val’
shift1.go:19:16: error: invalid context-determined non-integer type for shift operand
shift1.go:24:19: error: invalid context-determined non-integer type for shift operand
shift1.go:25:17: error: invalid context-determined non-integer type for shift operand
shift1.go:18:18: error: shift of non-integer operand
shift1.go:26:13: error: floating point constant truncated to integer
shift1.go:33:15: error: integer constant overflow
shift1.go:34:15: error: integer constant overflow
shift1.go:35:17: error: integer constant overflow
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5081051
The documentation for bytes.Replace says it copies
the slice but it won't necessarily copy them. Since
the data is mutable, breaking the contract is an issue.
We either have to fix this by making the copy at all
times, as suggested in this CL, or we should change the
documentation and perhaps make better use of the fact
it's fine to mutate the slice in place otherwise.
Ian Lance Taylor [Tue, 20 Sep 2011 23:47:17 +0000 (16:47 -0700)]
test: match gccgo error messages
Added a return to bug357.go to avoid an error which gccgo
reports but 6g does not.
bug353.go:16:14: error: reference to undefined identifer ‘io.ReadWriterCloser’
bug357.go:18:2: error: value computed is not used
bug358.go:14:11: error: imported and not used: ioutil
bug358.go:19:9: error: invalid use of type
bug359.go:25:14: error: redefinition of ‘a’
bug359.go:25:6: note: previous definition of ‘a’ was here
bug359.go:19:6: error: incompatible type in initialization (implicit assignment of ‘list.List’ hidden field ‘front’)
bug362.go:13:6: error: iota is only defined in const declarations
bug362.go:14:6: error: iota is only defined in const declarations
bug362.go:15:6: error: iota is only defined in const declarations
bug363.go:13:12: error: shift of non-integer operand
bug363.go:16:12: error: shift of non-integer operand
Robert Griesemer [Tue, 20 Sep 2011 21:36:19 +0000 (14:36 -0700)]
suffixarray: improved serialization code
Use gobs to serialize indexes instead of encoding/binary.
Even with gobs, serialize data in slices instead of
applying gob to the entire data structure at once,
to reduce the amount of extra buffer memory needed
inside gob.
7x faster Write/Read for new BenchmarkSaveRestore
compared to old code; possibly because encoding/binary
is more expensive for int32 slice elements (interface
call to get little/big endian encoding), while gob's
encoding is fixed (unconfirmed).
new (using gobs):
suffixarray.BenchmarkSaveRestore 1 2153604000 ns/op
old (using encoding/binary):
suffixarray.BenchmarkSaveRestore 1 15118322000 ns/op
The actual serialized data is slightly larger then using
the old code for very large indices because full 32bit indices
require 5bytes using gobs instead of 4bytes (encoding/binary)
in serialized form.
Dave Cheney [Tue, 20 Sep 2011 16:21:50 +0000 (12:21 -0400)]
exp/ssh: refactor halfConnection to transport
This CL generalises the pair of halfConnection members that the
serverConn holds into a single transport struct that is shared by
both Server and Client, see also CL 5037047.
This CL is a replacement for 5040046 which I closed by accident.
Dave Cheney [Mon, 19 Sep 2011 15:50:45 +0000 (11:50 -0400)]
8l: remove left over debugging
This line was triggering a null dereference warning
under clang-3.0. The line was added in a46819aa9150
but compared to it's sibling in 6l it appears to be
leftover debugging.
Mike Samuel [Mon, 19 Sep 2011 02:10:15 +0000 (19:10 -0700)]
exp/template/html: allow quotes on either side of conditionals and dynamic HTML names
This addresses several use cases:
(1) <h{{.HeaderLevel}}> used to build hierarchical documents.
(2) <input on{{.EventType}}=...> used in widgets.
(3) <div {{" dir=ltr"}}> used to embed bidi-hints.
It also makes sure that we treat the two templates below the same:
Mike Samuel [Sun, 18 Sep 2011 19:04:40 +0000 (12:04 -0700)]
exp/template/html: normalize '<' in text and RCDATA nodes.
The template
<{{.}}
would violate the structure preservation property if allowed and not
normalized, because when {{.}} emitted "", the "<" would be part of
a text node, but if {{.}} emitted "a", the "<" would not be part of
a text node.
This change rewrites '<' in text nodes and RCDATA text nodes to
'<' allowing template authors to write the common, and arguably more
readable:
Your price: {{.P1}} < list price {{.P2}}
while preserving the structure preservation property.
It also lays the groundwork for comment elision, rewriting
Foo <!-- comment with secret project details --> Bar
Adam Langley [Sat, 17 Sep 2011 19:57:24 +0000 (15:57 -0400)]
exp/ssh: new package.
The typical UNIX method for controlling long running process is to
send the process signals. Since this doesn't get you very far, various
ad-hoc, remote-control protocols have been used over time by programs
like Apache and BIND.
Implementing an SSH server means that Go code will have a standard,
secure way to do this in the future.
Michael Shields [Sat, 17 Sep 2011 03:30:54 +0000 (20:30 -0700)]
filepath: fix Glob to return no error on nonmatching patterns
filepath.Glob is documented to return nil if no files match
and an error only if the pattern is invalid. This change
fixes it to work as documented and adds a regression test.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5040045
http/cgi: clean up environment.
clean up duplicate environment for CGI.
overriding former by latter.
On windows, When there are duplicated environments like following,
http/cgi should behave "SCRIPT_FILENAME is foo.php".
But currently, http/cgi is set duplicate environment entries.
So, browser show binary dump of "php-cgi.exe" that is specified indented
SCRIPT_FILENAME in first entry.
This change clean up duplicates, and use latters.
exp/norm: reverting to using strings.Repeat, as it doesn't look like exp/regexp
is going to support returning multiple matches for a single repeated group.
Mike Samuel [Fri, 16 Sep 2011 02:05:33 +0000 (19:05 -0700)]
exp/template/html: moved error docs out of package docs onto error codes
This replaces the errStr & errLine members of context with a single err
*Error, and introduces a number of const error codes, one per
escape-time failure mode, that can be separately documented.
The changes to the error documentation moved from doc.go to error.go
are cosmetic.
Robert Griesemer [Thu, 15 Sep 2011 23:21:42 +0000 (16:21 -0700)]
godoc: use new index/suffixarray serialization code
When saving/restoring the fulltext index, the entire
respective suffixarray is now saved/restored (as opposed
to the indexed data only, and the suffixarray recreated).
This saves significant start-up time for large indexes,
at the cost of significantly larger index files.
However, it is also common to write files that
apply to multiple architectures, so a recent CL added
to go/build the ability to process comments
listing a set of conditions for building. For example:
// +build darwin freebsd openbsd/386
says that this file should be compiled only on
OS X, FreeBSD, or 32-bit x86 OpenBSD systems.
These conventions are not yet documented
(hence this long CL description).
This CL adds build comments to the multi-system
files in the core library, a step toward making it
possible to use go/build to build them.
With this change go/build can handle crypto/rand,
exec, net, path/filepath, os/user, and time.
Mike Samuel [Thu, 15 Sep 2011 15:51:55 +0000 (08:51 -0700)]
exp/template/html: pre-sanitized content
Not all content is plain text. Sometimes content comes from a trusted
source, such as another template invocation, an HTML tag whitelister,
etc.
Template authors can deal with over-escaping in two ways.
1) They can encapsulate known-safe content via
type HTML, type CSS, type URL, and friends in content.go.
2) If they know that the for a particular action never needs escaping
then they can add |noescape to the pipeline.
{{.KnownSafeContent | noescape}}
which will prevent any escaping directives from being added.
This CL defines string type aliases: HTML, CSS, JS, URI, ...
It then modifies stringify to unpack the content type.
Finally it modifies the escaping functions to use the content type and
decline to escape content that does not require it.
There are minor changes to escapeAction and helpers to treat as
equivalent explicit escaping directives such as "html" and "urlquery"
and the escaping directives defined in the contextual autoescape module
and to recognize the special "noescape" directive.
The html escaping functions are rearranged. Instead of having one
escaping function used in each {{.}} in
{{.}} : <textarea title="{{.}}">{{.}}</textarea>
a slightly different escaping function is used for each.
When {{.}} binds to a pre-sanitized string of HTML
`one < <i>two</i> & two < "3"`
we produces something like
one < <i>two</i> & two < "3" :
<textarea title="one < two & two < "3"">
one < <i>two</i> & two < "3"
</textarea>
Although escaping is not required in <textarea> normally, if the
substring </textarea> is injected, then it breaks, so we normalize
special characters in RCDATA and do the same to preserve attribute
boundaries. We also strip tags since developers never intend
typed HTML injected in an attribute to contain tags escaped, but
do occasionally confuse pre-escaped HTML with HTML from a
tag-whitelister.
Mike Samuel [Thu, 15 Sep 2011 03:40:50 +0000 (20:40 -0700)]
exp/template/html: render templates unusable when escaping fails
This moots a caveat in the proposed package documentation by
rendering useless any template that could not be escaped.
From https://golang.org/cl/4969078/
> If EscapeSet returns an error, do not Execute the set; it is not
> safe against injection.
r: [but isn't the returned set nil? i guess you don't overwrite the
r: original if there's a problem, but i think you're in your rights to
r: do so]
runtime: eliminate handle churn when churning channels on Windows
The Windows implementation of the net package churns through a couple of channels for every read/write operation. This translates into a lot of time spent in the kernel creating and deleting event objects.
Adam Langley [Wed, 14 Sep 2011 19:32:19 +0000 (15:32 -0400)]
crypto/tls: support SSLv3
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.