)]}'
{
  "commit": "f2ec1254ff32fa39f3ce4faf72bbe44eeeeebad9",
  "tree": "e9e47e6107b9681e88b75942ccc6ed4c4839a7b9",
  "parents": [
    "76c2c9b32a58c22b01a589c580bcc70d78668e82"
  ],
  "author": {
    "name": "Neal Patel",
    "email": "nealpatel@google.com",
    "time": "Wed Apr 22 18:41:25 2026 -0400"
  },
  "committer": {
    "name": "Neal Patel",
    "email": "nealpatel@google.com",
    "time": "Wed Apr 29 09:04:38 2026 -0700"
  },
  "message": "html/template: fix escaping of URLs in meta content attributes\n\nThe WHATWG \"shared declarative refresh steps\" algorithm (§4.2.5.3)\nskips ASCII whitespace between \"url\" and \"\u003d\" when parsing the URL\nportion of a meta content attribute.\n\nThank you to Samy Ghannad for reporting this issue.\n\nUpdates #78913\nFixes CVE-2026-39823\n\nChange-Id: I7fc3bb9394b95e07b9b10fbc95725a3de6791774\nReviewed-on: https://go-review.googlesource.com/c/go/+/769920\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nTryBot-Bypass: Roland Shoemaker \u003croland@golang.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "aef5e0195740a17c1efdd0501994a68f554131f0",
      "old_mode": 33188,
      "old_path": "src/html/template/escape_test.go",
      "new_id": "5ff173420207dd703908420b9abb67a3d54cd0ad",
      "new_mode": 33188,
      "new_path": "src/html/template/escape_test.go"
    },
    {
      "type": "modify",
      "old_id": "7fbab1df7b06ee02a40cc6b7c126864642830c71",
      "old_mode": 33188,
      "old_path": "src/html/template/transition.go",
      "new_id": "ea4b272cc241db91995e9621a78bed0398c9ef38",
      "new_mode": 33188,
      "new_path": "src/html/template/transition.go"
    }
  ]
}