html/template: escape additional tokens in MarshalJSON errors - go - Fork of Go programming language with my patches.

diff options

author	Roland Shoemaker <roland@golang.org>	2024-02-14 17:18:36 -0800
committer	Roland Shoemaker <roland@golang.org>	2024-02-27 02:20:11 +0000
commit	ccbc725f2d678255df1bd326fa511a492aa3a0aa (patch)
tree	ced94819e022900dcd021726729e24bce55e9ee2 /src/database/sql
parent	fc0d9a4b7d8bfd1130b1fe8419b50fffa76b00a9 (diff)
download	go-ccbc725f2d678255df1bd326fa511a492aa3a0aa.tar.xz

html/template: escape additional tokens in MarshalJSON errors

Escape "</script" and "<!--" in errors returned from MarshalJSON errors when attempting to marshal types in script blocks. This prevents any user controlled content from prematurely terminating the script block. Fixes #65697 Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b Reviewed-on: https://go-review.googlesource.com/c/go/+/564196 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>

Diffstat (limited to 'src/database/sql')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: