| Age | Commit message (Collapse) | Author |
|
An unquoted action used as an attribute value can result in unsafe
behavior if it is empty, as HTML normalization will result in unexpected
attributes, and may allow attribute injection. If executing a template
results in an empty unquoted attribute value, emit filterFailsafe
instead.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
Fixes #59722
Fixes CVE-2023-29400
Change-Id: Ia38d1b536ae2b4af5323a6c6d861e3c057c2570a
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1826631
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/491617
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
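The effect this fix has, shown as an added example (not code from the Go repository) run on a toolchain that includes it: an empty value for an unquoted attribute is rendered as ZgotmplZ (filterFailsafe), so the attribute boundary in front of the static href survives. The template, the struct and the helper names are constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Constructed template for this example (not from the Go repo): the Title field
// lands in an unquoted attribute that is immediately followed by a static href.
const linkTmpl = `<a title={{.Title}} href="/safe">link</a>`

// renderLink executes linkTmpl with html/template, whose escaper for an
// unquoted attribute value (htmlNospaceEscaper) handles the {{.Title}} action.
func renderLink(title string) (string, error) {
	t, err := template.New("link").Parse(linkTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, struct{ Title string }{title}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// attrBoundaryKept reports whether "title=" still has a value after it. With an
// empty value, an HTML parser reads the following href="/safe" as the title's
// value, so the href attribute disappears and the markup no longer means what
// the template author wrote.
func attrBoundaryKept(out string) bool {
	return !strings.Contains(out, "title= ") && !strings.Contains(out, "title=>")
}

func main() {
	for _, title := range []string{"", "hello", "a b"} {
		out, err := renderLink(title)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-8q -> %s  boundary kept: %v\n", title, out, attrBoundaryKept(out))
	}
}
```

The empty case prints `<a title=ZgotmplZ href="/safe">link</a>`; on a toolchain without this fix the same template produces `<a title= href="/safe">`, which attrBoundaryKept flags.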
|
|
Change-Id: Iab6ef8c6c74c09e8358f7d7088a82089725479ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/428260
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
[This CL is part of a sequence implementing the proposal #51082.
The design doc is at https://go.dev/s/godocfmt-design.]
Run the updated gofmt, which reformats doc comments,
on the main repository. Vendored files are excluded.
For #51082.
Change-Id: I7332f099b60f716295fb34719c98c04eb1a85407
Reviewed-on: https://go-review.googlesource.com/c/go/+/384268
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
And then revert the bootstrap cmd directories and certain testdata.
And adjust tests as needed.
Not reverting the changes in std that are bootstrapped,
because some of those changes would appear in API docs,
and we want to use any consistently.
Instead, rewrite 'any' to 'interface{}' in cmd/dist for those directories
when preparing the bootstrap copy.
A few files changed as a result of running gofmt -w
not because of interface{} -> any but because they
hadn't been updated for the new //go:build lines.
Fixes #49884.
Change-Id: Ie8045cba995f65bd79c694ec77a1b3d1fe01bb09
Reviewed-on: https://go-review.googlesource.com/c/go/+/368254
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
CL 236857 removed all uses of whitelist/blacklist, which is great.
But it substituted awkward phrasing using allowlist/blocklist,
especially as verbs or participles. This CL uses more standard English,
like "allow the function" or "blocked functions" instead of
"allowlist the function" or "blocklisted functions".
Change-Id: I9106a2fdbd62751c4cbda3a77181358a8a6d0f13
Reviewed-on: https://go-review.googlesource.com/c/go/+/236917
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
There's been plenty of discussion on the usage of these terms in tech.
I'm not trying to have yet another debate. It's clear that there are
people who are hurt by them and who are made to feel unwelcome by their
use due not to technical reasons but to their historical and social
context. That's simply enough reason to replace them.
Anyway, allowlist and blocklist are more self-explanatory than whitelist
and blacklist, so this change has negative cost.
Didn't change vendored, bundled, and minified files. Nearly all changes
are tests or comments, with a couple renames in cmd/link and cmd/oldlink
which are extremely safe. This should be fine to land during the freeze
without even asking for an exception.
Change-Id: I8fc54a3c8f9cc1973b710bbb9558a9e45810b896
Reviewed-on: https://go-review.googlesource.com/c/go/+/236857
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Khosrow Moossavi <khos2ow@gmail.com>
Reviewed-by: Leigh McCulloch <leighmcc@gmail.com>
Reviewed-by: Urban Ishimwe <urbainishimwe@gmail.com>
|
|
...and size initial buffers more accurately.
Easy pickings only. More might remain.
name old time/op new time/op delta
CSSEscaper-8 1.17µs ± 1% 0.80µs ± 2% -31.55% (p=0.000 n=44+48)
CSSEscaperNoSpecials-8 205ns ± 2% 204ns ± 3% -0.73% (p=0.014 n=46+49)
DecodeCSS-8 438ns ± 2% 436ns ± 2% ~ (p=0.099 n=48+47)
DecodeCSSNoSpecials-8 6.11ns ± 3% 5.93ns ± 3% -2.85% (p=0.000 n=50+48)
CSSValueFilter-8 149ns ± 0% 145ns ± 0% -2.68% (p=0.000 n=32+35)
CSSValueFilterOk-8 238ns ± 2% 234ns ± 2% -1.40% (p=0.000 n=49+47)
EscapedExecute-8 2.53µs ± 2% 2.55µs ± 1% +0.87% (p=0.000 n=48+49)
HTMLNospaceEscaper-8 1.35µs ± 2% 0.92µs ± 1% -31.74% (p=0.000 n=48+48)
HTMLNospaceEscaperNoSpecials-8 278ns ± 2% 263ns ± 2% -5.17% (p=0.000 n=47+49)
StripTags-8 778ns ± 2% 786ns ± 1% +0.96% (p=0.000 n=46+47)
StripTagsNoSpecials-8 84.2ns ± 1% 84.1ns ± 1% ~ (p=0.300 n=48+48)
JSValEscaperWithNum-8 506ns ± 2% 486ns ± 3% -3.82% (p=0.000 n=47+45)
JSValEscaperWithStr-8 1.61µs ± 1% 1.64µs ± 1% +1.75% (p=0.000 n=44+49)
JSValEscaperWithStrNoSpecials-8 548ns ± 2% 552ns ± 2% +0.78% (p=0.000 n=48+46)
JSValEscaperWithObj-8 1.91µs ± 2% 1.87µs ± 1% -2.08% (p=0.000 n=49+47)
JSValEscaperWithObjNoSpecials-8 735ns ± 2% 742ns ± 2% +1.01% (p=0.000 n=47+49)
JSStrEscaperNoSpecials-8 228ns ± 4% 211ns ± 3% -7.53% (p=0.000 n=50+49)
JSStrEscaper-8 1.11µs ± 1% 0.78µs ± 1% -29.94% (p=0.000 n=48+48)
JSRegexpEscaperNoSpecials-8 214ns ± 2% 212ns ± 3% -1.12% (p=0.000 n=50+49)
JSRegexpEscaper-8 1.17µs ± 0% 0.79µs ± 1% -31.92% (p=0.000 n=48+47)
TemplateSpecialTags-8 172µs ± 1% 172µs ± 1% ~ (p=0.976 n=48+47)
URLEscaper-8 1.88µs ± 2% 1.87µs ± 2% -0.56% (p=0.001 n=49+49)
URLEscaperNoSpecials-8 162ns ± 1% 169ns ± 1% +3.76% (p=0.000 n=49+50)
URLNormalizer-8 1.29µs ± 3% 1.29µs ± 2% -0.37% (p=0.041 n=48+48)
URLNormalizerNoSpecials-8 185ns ± 1% 186ns ± 1% +0.15% (p=0.013 n=49+49)
SrcsetFilter-8 616ns ± 1% 618ns ± 1% +0.36% (p=0.000 n=46+46)
SrcsetFilterNoSpecials-8 359ns ± 0% 352ns ± 0% -1.93% (p=0.000 n=40+43)
[Geo mean] 560ns 525ns -6.17%
name old alloc/op new alloc/op delta
CSSEscaper-8 672B ± 0% 336B ± 0% -50.00% (p=0.000 n=50+50)
CSSEscaperNoSpecials-8 0.00B 0.00B ~ (all equal)
DecodeCSS-8 160B ± 0% 160B ± 0% ~ (all equal)
DecodeCSSNoSpecials-8 0.00B 0.00B ~ (all equal)
CSSValueFilter-8 96.0B ± 0% 96.0B ± 0% ~ (all equal)
CSSValueFilterOk-8 48.0B ± 0% 48.0B ± 0% ~ (all equal)
EscapedExecute-8 688B ± 0% 624B ± 0% -9.30% (p=0.000 n=50+50)
HTMLNospaceEscaper-8 752B ± 0% 368B ± 0% -51.06% (p=0.000 n=50+50)
HTMLNospaceEscaperNoSpecials-8 48.0B ± 0% 32.0B ± 0% -33.33% (p=0.000 n=50+50)
StripTags-8 224B ± 0% 224B ± 0% ~ (all equal)
StripTagsNoSpecials-8 112B ± 0% 112B ± 0% ~ (all equal)
JSValEscaperWithNum-8 96.0B ± 0% 40.0B ± 0% -58.33% (p=0.000 n=50+50)
JSValEscaperWithStr-8 384B ± 0% 384B ± 0% ~ (all equal)
JSValEscaperWithStrNoSpecials-8 96.0B ± 0% 96.0B ± 0% ~ (all equal)
JSValEscaperWithObj-8 448B ± 0% 448B ± 0% ~ (all equal)
JSValEscaperWithObjNoSpecials-8 160B ± 0% 160B ± 0% ~ (all equal)
JSStrEscaperNoSpecials-8 0.00B 0.00B ~ (all equal)
JSStrEscaper-8 672B ± 0% 336B ± 0% -50.00% (p=0.000 n=50+50)
JSRegexpEscaperNoSpecials-8 0.00B 0.00B ~ (all equal)
JSRegexpEscaper-8 672B ± 0% 336B ± 0% -50.00% (p=0.000 n=50+50)
TemplateSpecialTags-8 48.0kB ± 0% 47.9kB ± 0% -0.13% (p=0.000 n=50+48)
URLEscaper-8 336B ± 0% 336B ± 0% ~ (all equal)
URLEscaperNoSpecials-8 112B ± 0% 112B ± 0% ~ (all equal)
URLNormalizer-8 176B ± 0% 176B ± 0% ~ (all equal)
URLNormalizerNoSpecials-8 112B ± 0% 112B ± 0% ~ (all equal)
SrcsetFilter-8 160B ± 0% 160B ± 0% ~ (all equal)
SrcsetFilterNoSpecials-8 160B ± 0% 160B ± 0% ~ (all equal)
[Geo mean] 259B 216B -16.60%
name old allocs/op new allocs/op delta
CSSEscaper-8 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=50+50)
CSSEscaperNoSpecials-8 0.00 0.00 ~ (all equal)
DecodeCSS-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
DecodeCSSNoSpecials-8 0.00 0.00 ~ (all equal)
CSSValueFilter-8 2.00 ± 0% 2.00 ± 0% ~ (all equal)
CSSValueFilterOk-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
EscapedExecute-8 18.0 ± 0% 18.0 ± 0% ~ (all equal)
HTMLNospaceEscaper-8 5.00 ± 0% 3.00 ± 0% -40.00% (p=0.000 n=50+50)
HTMLNospaceEscaperNoSpecials-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
StripTags-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
StripTagsNoSpecials-8 2.00 ± 0% 2.00 ± 0% ~ (all equal)
JSValEscaperWithNum-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
JSValEscaperWithStr-8 2.00 ± 0% 2.00 ± 0% ~ (all equal)
JSValEscaperWithStrNoSpecials-8 2.00 ± 0% 2.00 ± 0% ~ (all equal)
JSValEscaperWithObj-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
JSValEscaperWithObjNoSpecials-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
JSStrEscaperNoSpecials-8 0.00 0.00 ~ (all equal)
JSStrEscaper-8 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=50+50)
JSRegexpEscaperNoSpecials-8 0.00 0.00 ~ (all equal)
JSRegexpEscaper-8 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=50+50)
TemplateSpecialTags-8 185 ± 0% 185 ± 0% ~ (all equal)
URLEscaper-8 4.00 ± 0% 4.00 ± 0% ~ (all equal)
URLEscaperNoSpecials-8 2.00 ± 0% 2.00 ± 0% ~ (all equal)
URLNormalizer-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
URLNormalizerNoSpecials-8 2.00 ± 0% 2.00 ± 0% ~ (all equal)
SrcsetFilter-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
SrcsetFilterNoSpecials-8 3.00 ± 0% 3.00 ± 0% ~ (all equal)
[Geo mean] 3.41 3.05 -10.65%
Change-Id: I809ea56495ce1881656af7e24621448ab64b449a
Reviewed-on: https://go-review.googlesource.com/c/155919
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Each URL was manually verified to ensure it did not serve up incorrect
content.
Change-Id: I4dc846227af95a73ee9a3074d0c379ff0fa955df
Reviewed-on: https://go-review.googlesource.com/115798
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
|
|
In css, js, and html, the replacement operations are implemented
by iterating on strings (rune by rune). The for/range
statement is used. The length of the rune is required
and added to the index to properly slice the string.
This is potentially wrong because there is a discrepancy between
the result of utf8.RuneLen and the increment of the index
(set by the for/range statement). For invalid strings,
utf8.RuneLen('\ufffd') == 3, while the index is incremented
only by 1 byte.
htmlReplacer triggers a panic at slicing time for some
invalid strings.
Use a more robust iteration mechanism based on
utf8.DecodeRuneInString, and make sure the same
pattern is used for all similar functions in this
package.
Fixes #10799
Change-Id: Ibad3857b2819435d9fa564f06fc2ca8774102841
Reviewed-on: https://go-review.googlesource.com/10105
Reviewed-by: Rob Pike <r@golang.org>
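The width discrepancy described above, as an added example that is not the package's own code: the for/range form panics on an invalid byte because written is advanced by utf8.RuneLen(U+FFFD) == 3 while the index moved by one byte, and the utf8.DecodeRuneInString form handles the same input. The replacement table and the function names are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// Constructed table for this example (not html/template's); U+FFFD is included
// because it is the rune a decoding error produces, and the escaper encodes it.
var table = map[rune]string{'<': "&lt;", '>': "&gt;", '&': "&amp;", utf8.RuneError: "&#xfffd;"}

// replaceByRange mirrors the pattern the fix removed: for/range advances i by
// the bytes actually consumed, but written grows by utf8.RuneLen(r), which is
// 3 for U+FFFD even when the invalid input byte was only 1 byte wide.
func replaceByRange(s string) string {
	var b strings.Builder
	written := 0
	for i, r := range s {
		if repl, ok := table[r]; ok {
			b.WriteString(s[written:i]) // panics once written > i
			b.WriteString(repl)
			written = i + utf8.RuneLen(r)
		}
	}
	b.WriteString(s[written:]) // also panics if written > len(s)
	return b.String()
}

// replaceByDecode is the robust form: DecodeRuneInString reports the width
// actually consumed, so written always lands on a real byte offset.
func replaceByDecode(s string) string {
	var b strings.Builder
	written := 0
	for i := 0; i < len(s); {
		r, w := utf8.DecodeRuneInString(s[i:])
		if repl, ok := table[r]; ok {
			b.WriteString(s[written:i])
			b.WriteString(repl)
			written = i + w
		}
		i += w
	}
	b.WriteString(s[written:])
	return b.String()
}

func main() {
	// "\xff<" is a constructed invalid UTF-8 input; replaceByRange panics on it.
	fmt.Println(replaceByDecode("\xff<"), replaceByDecode("a<b"))
}
```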
|
|
Preparation was in CL 134570043.
This CL contains only the effect of 'hg mv src/pkg/* src'.
For more about the move, see golang.org/s/go14nopkg.
|