Skip to content

/go

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/tools/cmd/godoc: switch to use html/template #4655

Open
adg opened this issue Jan 13, 2013 · 5 comments

Comments

Assignees
No one assigned
Labels
Security
Projects
None yet
Milestone
  Unplanned
3 participants
@adg @rsc @gopherbot
@adg
Copy link
Contributor

commented Jan 13, 2013 

Godoc should use the auto-escaping htm/template package instead of text/template, for
security reasons.

With text/template, it is hard to write UI code that doesn't introduce content injection
vulnerabilities.
@adg

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

commented Mar 18, 2013

Comment 2:

Labels changed: added godoc.
@rsc

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented Nov 27, 2013

Comment 3:

Labels changed: added go1.3maybe.
@rsc

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented Dec 4, 2013

Comment 4:

Labels changed: added release-none, removed go1.3maybe.
@rsc

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented Dec 4, 2013

Comment 5:

Labels changed: added repo-tools.

@adg adg added accepted Security labels Dec 4, 2013

@rsc rsc added this to the Unplanned milestone Apr 10, 2015

@rsc rsc removed priority-later labels Apr 10, 2015

@rsc rsc changed the title cmd/godoc: switch to use html/template x/tools/cmd/godoc: switch to use html/template Apr 14, 2015

@rsc rsc removed the repo-tools label Apr 14, 2015

@gopherbot

This comment has been minimized.

Sign in to view
Copy link

commented Oct 16, 2017

Change https://golang.org/cl/70935 mentions this issue: godoc: switch to use html/template
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.