From 717f1d6a6c28f87cf5232ad1162b0c3c2ce595b9 Mon Sep 17 00:00:00 2001 From: Russ Cox Date: Sat, 22 Sep 2012 05:55:10 +1000 Subject: [PATCH] [release-branch.go1] html/template: fix URL doc MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit ««« backport fead9e11a489 html/template: fix URL doc This is the easy part of issue 3528. (What to do about "noescape" is the hard part, left open.) Update #3528. R=mikesamuel, r, dsymonds CC=golang-dev https://golang.org/cl/6493113 »»» --- src/pkg/html/template/content.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pkg/html/template/content.go b/src/pkg/html/template/content.go index c1bd2e4949..42ea7930f0 100644 --- a/src/pkg/html/template/content.go +++ b/src/pkg/html/template/content.go @@ -47,7 +47,7 @@ type ( // JSStr("foo\\nbar") is fine, but JSStr("foo\\\nbar") is not. JSStr string - // URL encapsulates a known safe URL as defined in RFC 3896. + // URL encapsulates a known safe URL or URL substring (see RFC 3986). // A URL like `javascript:checkThatFormNotEditedBeforeLeavingPage()` // from a trusted source should go in the page, but by default dynamic // `javascript:` URLs are filtered out since they are a frequently -- 2.50.0