commit | 8ffa475fbdb33da97e8bf79cc5791ee8751fca5e | [log] [tgz] |
---|---|---|
author | Roland Shoemaker <bracewell@google.com> | Thu Jul 06 10:25:47 2023 -0700 |
committer | Damien Neil <dneil@google.com> | Tue Aug 01 17:41:59 2023 +0000 |
tree | 3c2cb18d731aa71f77aa78f584738f039f59db1c | |
parent | 63fe334ad57133b911a1422472a28b11de828c89 [diff] |
html: only render content literally in the HTML namespace Per the WHATWG HTML specification, section 13.3, only append the literal content of a text node if we are in the HTML namespace. Thanks to Mohammad Thoriq Aziz for reporting this issue. Fixes golang/go#61615 Fixes CVE-2023-3978 Change-Id: I332152904d4e7646bd2441602bcbe591fc655fa4 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1942896 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Reviewed-on: https://go-review.googlesource.com/c/net/+/514896 Reviewed-by: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com>
This repository holds supplementary Go networking libraries.
The easiest way to install is to run go get -u golang.org/x/net
. You can also manually git clone the repository to $GOPATH/src/golang.org/x/net
.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the net repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.