Skip to content

G
golang
Commit c05c3a9d authored by Scott Lawrence's avatar Scott Lawrence Committed by Nigel Tao
Browse files
Options

html/template: make doctype check case-insensitive 

Fixes #3094.

R=golang-dev, rsc, nigeltao
CC=golang-dev
https://golang.org/cl/5687065
parent 19bab1dc
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 1 deletion
src/pkg/html/template/escape.go
View file @ c05c3a9d
...@@ -593,7 +593,7 @@ func (e *escaper) escapeText(c context, n *parse.TextNode) context { ...@@ -593,7 +593,7 @@ func (e *escaper) escapeText(c context, n *parse.TextNode) context {
} }
} }
for j := i; j < end; j++ { for j := i; j < end; j++ {
if s[j] == '<' && !bytes.HasPrefix(s[j:], doctypeBytes) { if s[j] == '<' && !bytes.HasPrefix(bytes.ToUpper(s[j:]), doctypeBytes) {
b.Write(s[written:j]) b.Write(s[written:j])
b.WriteString("&lt;") b.WriteString("&lt;")
written = j + 1 written = j + 1
......
src/pkg/html/template/escape_test.go
View file @ c05c3a9d
...@@ -431,6 +431,11 @@ func TestEscape(t *testing.T) { ...@@ -431,6 +431,11 @@ func TestEscape(t *testing.T) {
"<!DOCTYPE html>Hello, World!", "<!DOCTYPE html>Hello, World!",
"<!DOCTYPE html>Hello, World!", "<!DOCTYPE html>Hello, World!",
}, },
{
"HTML doctype not case-insensitive",
"<!doCtYPE htMl>Hello, World!",
"<!doCtYPE htMl>Hello, World!",
},
{ {
"No doctype injection", "No doctype injection",
`<!{{"DOCTYPE"}}`, `<!{{"DOCTYPE"}}`,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment