src/html/template/js.go · 14f18e5b6f5abd9819981fdee92fffe62f4d4c1c · go / golang

html/template: escape JS in application/json script tag · 37dbc7b4

Nodir Turakulov authored Dec 03, 2016

Since ffd1c781 HTML templates check
MIME type in the "type" attribute of "script" tag to decide if contents
should be escaped as JavaScript. The whitelist of MIME types did not
include application/json. Include it in this CL.

Fixes #18159

Change-Id: I17a8a38f2b7789b4b7e941d14279de222eaf2b6a
Reviewed-on: https://go-review.googlesource.com/33899Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

37dbc7b4

js.go 11.1 KB

Replace js.go