x/tools/cmd/godoc: switch to use html/template #4655

adg · 2013-01-13T21:31:00Z

Godoc should use the auto-escaping htm/template package instead of text/template, for
security reasons.

With text/template, it is hard to write UI code that doesn't introduce content injection
vulnerabilities.

adg · 2013-03-18T22:52:40Z

Comment 2:

Labels changed: added godoc.

rsc · 2013-11-27T18:49:27Z

Comment 3:

Labels changed: added go1.3maybe.

rsc · 2013-12-04T01:28:16Z

Comment 4:

Labels changed: added release-none, removed go1.3maybe.

rsc · 2013-12-04T01:45:53Z

Comment 5:

Labels changed: added repo-tools.

gopherbot · 2017-10-16T01:29:07Z

Change https://golang.org/cl/70935 mentions this issue: godoc: switch to use html/template

adg added accepted Security labels Dec 4, 2013

rsc added this to the Unplanned milestone Apr 10, 2015

rsc removed priority-later labels Apr 10, 2015

rsc changed the title ~~cmd/godoc: switch to use html/template~~ x/tools/cmd/godoc: switch to use html/template Apr 14, 2015

rsc removed the repo-tools label Apr 14, 2015

golang / go

x/tools/cmd/godoc: switch to use html/template #4655

x/tools/cmd/godoc: switch to use html/template #4655

adg commented Jan 13, 2013

This comment has been minimized.

adg commented Mar 18, 2013

This comment has been minimized.

rsc commented Nov 27, 2013

This comment has been minimized.

rsc commented Dec 4, 2013

This comment has been minimized.

rsc commented Dec 4, 2013

This comment has been minimized.

gopherbot commented Oct 16, 2017

golang / go

Join GitHub today

x/tools/cmd/godoc: switch to use html/template #4655

x/tools/cmd/godoc: switch to use html/template #4655

Comments

adg commented Jan 13, 2013

This comment has been minimized.

adg commented Mar 18, 2013

This comment has been minimized.

rsc commented Nov 27, 2013

This comment has been minimized.

rsc commented Dec 4, 2013

This comment has been minimized.

rsc commented Dec 4, 2013

This comment has been minimized.

gopherbot commented Oct 16, 2017