x/net/html: various quadratic parsing behaviors

[neild]

The parser implements the HTML specification, which contains a number of
algorithms which are quadratic in complexity by design. This causes the
processing time to scale non-linearly with respect to the size of the input for
some HTML documents.

This is a PRIVATE issue for CVE-2025-47911, tracked in http://b/437343453 and fixed by https://go-internal-review.git.corp.google.com/c/net/+/2880.

/cc @golang/security and @golang/release

[gopherbot]

Change https://go.dev/cl/709876 mentions this issue: html: impose open element stack size limit