)]}'
{
  "commit": "a63b23ffb2eebc9ca3a14c369b615ca623bb20f7",
  "tree": "2646493005ec62a57929c1eaa999d3285480144e",
  "parents": [
    "2c59389fcc5194aeae742fb413e55b656c22343f"
  ],
  "author": {
    "name": "Neal Patel",
    "email": "nealpatel@google.com",
    "time": "Mon Apr 27 17:34:58 2026 -0400"
  },
  "committer": {
    "name": "Neal Patel",
    "email": "nealpatel@google.com",
    "time": "Tue Apr 28 17:53:29 2026 -0700"
  },
  "message": "html/template: fix escaper bypass by treating empty script type as JavaScript\n\nThank you to Mundur (https://github.com/M0nd0R) for reporting this issue.\n\nFixes #78981\nFixes CVE-2026-39826\n\nChange-Id: I3f2e06496020ece655d156fb099ff556af8cc836\nReviewed-on: https://go-review.googlesource.com/c/go/+/771180\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a39d696c42fc60f67bfbda798fde88fb5e663b4e",
      "old_mode": 33188,
      "old_path": "src/html/template/escape_test.go",
      "new_id": "aef5e0195740a17c1efdd0501994a68f554131f0",
      "new_mode": 33188,
      "new_path": "src/html/template/escape_test.go"
    },
    {
      "type": "modify",
      "old_id": "b3bf94801b238a034b59050dba0260aa7f360a57",
      "old_mode": 33188,
      "old_path": "src/html/template/js.go",
      "new_id": "e2db30f966ed7da80b3640fddcb145fa0fda95db",
      "new_mode": 33188,
      "new_path": "src/html/template/js.go"
    }
  ]
}