delta/go-git.git/src/html/template/example_test.go, branch dev.link github.com: golang/go html/template,text/template: switch to Unicode escapes for JSON compatibility 2020-04-16T17:13:33+00:00 empijei robclap8@gmail.com 2020-03-27T18:27:55+00:00 d4d298040d072ddacea0e0d6b55fb148fff18070 The existing implementation is not compatible with JSON escape as it uses hex escaping. Unicode escape, instead, is valid for both JSON and JS. This fix avoids creating a separate escaping context for scripts of type "application/ld+json" and it is more future-proof in case more JSON+JS contexts get added to the platform (e.g. import maps). Fixes #33671 Fixes #37634 Change-Id: Id6f6524b4abc52e81d9d744d46bbe5bf2e081543 Reviewed-on: https://go-review.googlesource.com/c/go/+/226097 Reviewed-by: Carl Johnson <me@carlmjohnson.net> Reviewed-by: Daniel Martí <mvdan@mvdan.cc> Run-TryBot: Daniel Martí <mvdan@mvdan.cc> TryBot-Result: Gobot Gobot <gobot@golang.org> 
The existing implementation is not compatible with JSON
escape as it uses hex escaping.
Unicode escape, instead, is valid for both JSON and JS.
This fix avoids creating a separate escaping context for
scripts of type "application/ld+json" and it is more
future-proof in case more JSON+JS contexts get added
to the platform (e.g. import maps).

Fixes #33671
Fixes #37634

Change-Id: Id6f6524b4abc52e81d9d744d46bbe5bf2e081543
Reviewed-on: https://go-review.googlesource.com/c/go/+/226097
Reviewed-by: Carl Johnson <me@carlmjohnson.net>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
text/template: harden JSEscape to also escape ampersand and equal 2019-11-21T22:20:17+00:00 Roberto Clapis robclap8@gmail.com 2019-11-18T09:05:07+00:00 94e9a5e19b831504eca2b7202b78d1a48c4be547 Ampersand and equal are not dangerous in a JS/JSString context but they might cause issues if interpolated in HTML attributes. This change makes it harder to introduce XSS by misusing escaping. Thanks to t1ddl3r <t1ddl3r@gmail.com> for reporting this common misuse scenario. Fixes #35665 Change-Id: Ice6416477bba4cb2ba2fe2cfdc20e027957255c0 Reviewed-on: https://go-review.googlesource.com/c/go/+/207637 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Mike Samuel <mikesamuel@gmail.com> Reviewed-by: Andrew Bonventre <andybons@golang.org> Reviewed-by: Daniel Martí <mvdan@mvdan.cc> 
Ampersand and equal are not dangerous in a JS/JSString context
but they might cause issues if interpolated in HTML attributes.

This change makes it harder to introduce XSS by misusing
escaping.

Thanks to t1ddl3r <t1ddl3r@gmail.com> for reporting this common
misuse scenario.

Fixes #35665

Change-Id: Ice6416477bba4cb2ba2fe2cfdc20e027957255c0
Reviewed-on: https://go-review.googlesource.com/c/go/+/207637
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Mike Samuel <mikesamuel@gmail.com>
Reviewed-by: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
html/template: add an example for the Delims method 2018-08-30T19:36:15+00:00 Dmitry Neverov dmitry.neverov@gmail.com 2018-08-30T18:58:31+00:00 a2a8396f530a481ef2d2ad289bee1c741bc7f34e Change-Id: I7ba55e3f6ebbaae41188316a66a40f994c037ad9 Reviewed-on: https://go-review.googlesource.com/132240 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> 
Change-Id: I7ba55e3f6ebbaae41188316a66a40f994c037ad9
Reviewed-on: https://go-review.googlesource.com/132240
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
html/template: Add missing error check to package example. 2015-11-22T22:00:21+00:00 Dmitri Shuralyov shurcooL@gmail.com 2015-11-22T01:09:08+00:00 2221bc35cf5b133071feea7013b4c6509ae3b563 This appears to be an unintended omission. The check func is declared just above, and the err value from template.Parse is captured rather than discarded via blank identifier. All following calls that similarly return err are checked, so it can't be that this example elides error checking for brevity. Finally, if you look at Example_autoescaping, it does check err from template.Parse and its code is very similar. Change-Id: I076e1846302d5f2cdb1d027ed85ca0db85e33ace Reviewed-on: https://go-review.googlesource.com/17170 Reviewed-by: Andrew Gerrand <adg@golang.org> 
This appears to be an unintended omission. The check func is declared
just above, and the err value from template.Parse is captured rather
than discarded via blank identifier. All following calls that similarly
return err are checked, so it can't be that this example elides error
checking for brevity. Finally, if you look at Example_autoescaping,
it does check err from template.Parse and its code is very similar.

Change-Id: I076e1846302d5f2cdb1d027ed85ca0db85e33ace
Reviewed-on: https://go-review.googlesource.com/17170
Reviewed-by: Andrew Gerrand <adg@golang.org>
text/template, html/template: fix block example name 2015-09-29T00:17:40+00:00 Andrew Gerrand adg@golang.org 2015-09-29T00:16:09+00:00 02e8ec008ca80e6b7dd93410aa9abac3a906dee4 Change-Id: I004a43842430201296363a9745480bee94920041 Reviewed-on: https://go-review.googlesource.com/15084 Reviewed-by: Andrew Gerrand <adg@golang.org> 
Change-Id: I004a43842430201296363a9745480bee94920041
Reviewed-on: https://go-review.googlesource.com/15084
Reviewed-by: Andrew Gerrand <adg@golang.org>
text/template, html/template: add block keyword and permit template redefinition 2015-09-28T06:01:30+00:00 Andrew Gerrand adg@golang.org 2015-08-28T05:31:51+00:00 12dfc3bee482f16263ce4673a0cce399127e2a0d This change adds a new "block" keyword that permits the definition of templates inline inside existing templates, and loosens the restriction on template redefinition. Templates may now be redefined, but in the html/template package they may only be redefined before the template is executed (and therefore escaped). The intention is that such inline templates can be redefined by subsequent template definitions, permitting a kind of template "inheritance" or "overlay". (See the example for details.) Fixes #3812 Change-Id: I733cb5332c1c201c235f759cc64333462e70dc27 Reviewed-on: https://go-review.googlesource.com/14005 Reviewed-by: Rob Pike <r@golang.org> 
This change adds a new "block" keyword that permits the definition
of templates inline inside existing templates, and loosens the
restriction on template redefinition. Templates may now be redefined,
but in the html/template package they may only be redefined before
the template is executed (and therefore escaped).

The intention is that such inline templates can be redefined by
subsequent template definitions, permitting a kind of template
"inheritance" or "overlay". (See the example for details.)

Fixes #3812

Change-Id: I733cb5332c1c201c235f759cc64333462e70dc27
Reviewed-on: https://go-review.googlesource.com/14005
Reviewed-by: Rob Pike <r@golang.org>
html/template: add examples to package and functions 2015-07-27T16:37:33+00:00 Carlos C uldericofilho@gmail.com 2015-06-19T09:41:41+00:00 0645bdd11007a264988029459844cb78ec06e790 Change-Id: Ib4fb8256863d908580a07e6f2e1c92ea109ea989 Reviewed-on: https://go-review.googlesource.com/11249 Reviewed-by: Russ Cox <rsc@golang.org> 
Change-Id: Ib4fb8256863d908580a07e6f2e1c92ea109ea989
Reviewed-on: https://go-review.googlesource.com/11249
Reviewed-by: Russ Cox <rsc@golang.org>