mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
go/src
History
Didier Spezia a1c1a763bc html/template: fix string iteration in replacement operations 
In css, js, and html, the replacement operations are implemented
by iterating on strings (rune by rune). The for/range
statement is used. The length of the rune is required
and added to the index to properly slice the string.

This is potentially wrong because there is a discrepancy between
the result of utf8.RuneLen and the increment of the index
(set by the for/range statement). For invalid strings,
utf8.RuneLen('\ufffd') == 3, while the index is incremented
only by 1 byte.

htmlReplacer triggers a panic at slicing time for some
invalid strings.

Use a more robust iteration mechanism based on
utf8.DecodeRuneInString, and make sure the same
pattern is used for all similar functions in this
package.

Fixes #10799

Change-Id: Ibad3857b2819435d9fa564f06fc2ca8774102841
Reviewed-on: https://go-review.googlesource.com/10105
Reviewed-by: Rob Pike <r@golang.org>
 		2015-05-19 22:45:50 +00:00
..
archive archive/tar: fix error message 2015-05-04 21:27:45 +00:00
bufio
builtin
bytes bytes, strings: add LastIndexByte 2015-04-30 07:13:18 +00:00
cmd cmd/go: fix build 2015-05-19 22:29:57 +00:00
compress
container
crypto crypto/x509: be strict about trailing data. 2015-04-30 03:49:36 +00:00
database/sql
debug debug/dwarf: compute ByteSize for more DWARF types 2015-05-07 07:28:39 +00:00
encoding encoding/json: fix decoding of types with '[]byte' as underlying type 2015-05-15 16:26:53 +00:00
errors
expvar
flag flag: Fix up a package comment a bit. 2015-05-19 02:18:40 +00:00
fmt fmt: allow for space and plus flags when computing widths 2015-05-11 18:34:19 +00:00
go go/parser: better error message for missing ',' in lists 2015-05-15 17:58:56 +00:00
hash hash/crc32: move reverse representation docs to an example 2015-05-04 00:19:22 +00:00
html html/template: fix string iteration in replacement operations 2015-05-19 22:45:50 +00:00
image image/gif: allow encoding a single-frame image whose top-left corner 2015-05-06 01:00:58 +00:00
index/suffixarray
internal internal/syscall/windows/registry: fix read overrun in GetStringsValue 2015-05-15 03:25:41 +00:00
io
log
math math/big, cmd/internal/gc/big: fix vet detected printf problem 2015-05-14 05:34:40 +00:00
mime mime: Export RFC 2047 code 2015-05-11 18:50:32 +00:00
net net: redo resolv.conf recheck implementation 2015-05-15 18:14:47 +00:00
os os: eradicate smallpox after test 2015-05-06 17:38:57 +00:00
path
reflect reflect: make PtrTo(FuncOf(...)) not crash 2015-05-16 00:51:05 +00:00
regexp
runtime runtime: run background mark helpers only if work is available 2015-05-19 15:57:50 +00:00
sort
strconv
strings strings: use LastIndexByte in LastIndex 2015-04-30 08:33:29 +00:00
sync
syscall syscall: don't run fcntl child process test on iOS 2015-05-15 16:41:12 +00:00
testing testing: fix typo 2015-05-12 23:39:00 +00:00
text text/template: fix race condition on function maps 2015-05-16 00:32:21 +00:00
time time: document that not all Unix time can be represented 2015-05-19 06:19:33 +00:00
unicode
unsafe
Make.dist
all.bash
all.bat
all.rc
androidtest.bash
bootstrap.bash
buildall.bash buildall.bash: exit 1 when make.bash fails 2015-05-17 01:40:33 +00:00
clean.bash
clean.bat
clean.rc
iostest.bash
make.bash
make.bat
make.rc
nacltest.bash nacltest.bash: remove syscall/fstest_nacl.go after test 2015-05-02 02:48:32 +00:00
race.bash
race.bat
run.bash build: correct quoting of args in run.bash 2015-05-09 04:23:47 +00:00
run.bat
run.rc