• Didier Spezia's avatar
    html/template: prevent panic while escaping pipelines · ca91de7c
    Didier Spezia authored
    AFAIK, the documentation does not explicitly state whether
    variables can store a callable entity or not. I believe the
    current implementation in text/template assumes they cannot
    though. The call builtin function is supposed to be used for
    this purpose.
    
    Template "{{0|$}}" should generate an error at runtime,
    instead of a panic.
    
    Similarly, template "{{0|(nil)}}" should not generate
    a panic.
    
    This CL aborts the sanitization process for a given pipeline
    when no identifier can be derived from the selected node.
    It happens with malformed pipelines.
    
    We now have the following errors:
    
    {{ 0 | $ }}
    template: foo:1:10: executing "foo" at <$>: can't give argument to non-function $
    
    {{ 0 | (nil) }}
    template: foo:1:11: executing "foo" at <nil>: nil is not a command
    
    Fixes #11118
    Fixes #11356
    
    Change-Id: Idae52f806849f4c9ab7aca1b4bb4b59a74723d0e
    Reviewed-on: https://go-review.googlesource.com/10823Reviewed-by: 's avatarRob Pike <r@golang.org>
    ca91de7c
Name
Last commit
Last update
..
template Loading commit data...
entity.go Loading commit data...
entity_test.go Loading commit data...
escape.go Loading commit data...
escape_test.go Loading commit data...
example_test.go Loading commit data...