• Didier Spezia's avatar
    html/template: fix string iteration in replacement operations · a1c1a763
    Didier Spezia authored
    In css, js, and html, the replacement operations are implemented
    by iterating on strings (rune by rune). The for/range
    statement is used. The length of the rune is required
    and added to the index to properly slice the string.
    
    This is potentially wrong because there is a discrepancy between
    the result of utf8.RuneLen and the increment of the index
    (set by the for/range statement). For invalid strings,
    utf8.RuneLen('\ufffd') == 3, while the index is incremented
    only by 1 byte.
    
    htmlReplacer triggers a panic at slicing time for some
    invalid strings.
    
    Use a more robust iteration mechanism based on
    utf8.DecodeRuneInString, and make sure the same
    pattern is used for all similar functions in this
    package.
    
    Fixes #10799
    
    Change-Id: Ibad3857b2819435d9fa564f06fc2ca8774102841
    Reviewed-on: https://go-review.googlesource.com/10105Reviewed-by: 's avatarRob Pike <r@golang.org>
    a1c1a763
html_test.go 2.81 KB