| commit | 8e66b04771e35c4e4125e8c60334b34e2423effb | [log] [tgz] |
|---|---|---|
| author | Roland Shoemaker <roland@golang.org> | Wed Dec 04 09:35:55 2024 -0800 |
| committer | Gopher Robot <gobot@golang.org> | Wed Dec 18 11:24:30 2024 -0800 |
| tree | 372fd8869db486bd4f8884cbcce40e379b317e8b | |
| parent | b935f7b5d723c82894e1a1fd936a94dd2d1eae46 [diff] |
html: use strings.EqualFold instead of lowering ourselves Instead of using strings.ToLower and == to check case insensitive equality, just use strings.EqualFold, even when the strings are only ASCII. This prevents us unnecessarily lowering extremely long strings, which can be a somewhat expensive operation, even if we're only attempting to compare equality with five characters. Thanks to Guido Vranken for reporting this issue. Fixes golang/go#70906 Fixes CVE-2024-45338 Change-Id: I323b919f912d60dab6a87cadfdcac3e6b54cd128 Reviewed-on: https://go-review.googlesource.com/c/net/+/637536 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
This repository holds supplementary Go networking packages.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.
The git repository is https://go.googlesource.com/net.
The main issue tracker for the net repository is located at https://go.dev/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.