Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

html/template: Unexpected panic on second execution of unescapable template #8431

Closed
gopherbot opened this issue Jul 27, 2014 · 3 comments
Closed

html/template: Unexpected panic on second execution of unescapable template #8431

gopherbot opened this issue Jul 27, 2014 · 3 comments
Labels
FrozenDueToAge
Milestone
Go1.4

Comments

@gopherbot
Copy link
Contributor

by hebipp1:

On Go 1.3, calling the Execute() function on a Template that could not be escaped due to
an error that is returned on the first execution (for example `"\"" in
attribute name`), a panic is caused on the second execution.

This is caused by a security measure in html/template/escape.go:34, where the template
is invalidated when the template could not be escaped. While this is documented in the
escapeTemplates function locally, this behavior is not (at least I think so) documented
in the public documentation of html/template.

Aside from that, I think this behavior should be changed to return the same error on
every call instead of invalidating the template.
@ianlancetaylor
Copy link
Member

Comment 1:

Labels changed: added repo-main, release-go1.4.

@gopherbot
Copy link
Contributor Author

Comment 2:

CL https://golang.org/cl/130830043 mentions this issue.

@adg
Copy link
Contributor

adg commented Aug 19, 2014

Comment 3:

This issue was closed by revision 0fee633.

Status changed to Fixed.

@rsc rsc added this to the Go1.4 milestone Apr 14, 2015
@rsc rsc removed the release-go1.4 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
wheatman pushed a commit to wheatman/go-akaros that referenced this issue Jun 25, 2018
@adg @wheatman
html/template: don't panic on second execution of unescapable template
e15a4a8 
Fixes golang#8431.

LGTM=r
R=golang-codereviews, r, minux
CC=golang-codereviews
https://golang.org/cl/130830043
wheatman pushed a commit to wheatman/go-akaros that referenced this issue Jul 9, 2018
@adg @wheatman
html/template: don't panic on second execution of unescapable template
3cb7f75 
Fixes golang#8431.

LGTM=r
R=golang-codereviews, r, minux
CC=golang-codereviews
https://golang.org/cl/130830043
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.4
Development

No branches or pull requests
4 participants
@rsc @ianlancetaylor @adg @gopherbot