html/template
#69076 opened 2 months ago by cuishuang
#66217 opened 8 months ago by rsc
errors returned from MarshalJSON are not correctly escaped [1.22 backport]CherryPickApprovedSecurity
#65969 opened 8 months ago by gopherbot
errors returned from MarshalJSON are not correctly escaped [1.21 backport]CherryPickApprovedSecurity
#65968 opened 8 months ago by gopherbot
#65697 opened 9 months ago by rolandshoemaker
#65289 opened 10 months ago by k-takeuchi220
#64948 opened 10 months ago by dstpierre
#63208 opened 1 year ago by gopherbot
#63207 opened 1 year ago by gopherbot
improper handling of special tags within script contexts (CVE-2023-39319) [1.21 backport]CherryPickApprovedFrozenDueToAgeSecurityrelease-blocker
#62398 opened 1 year ago by gopherbot
improper handling of special tags within script contexts (CVE-2023-39319) [1.20 backport]CherryPickApprovedFrozenDueToAgeSecurityrelease-blocker
#62397 opened 1 year ago by gopherbot
improper handling of HTML-like comments within script contexts (CVE-2023-39318) [1.21 backport]CherryPickApprovedFrozenDueToAgeSecurityrelease-blocker
#62396 opened 1 year ago by gopherbot
improper handling of HTML-like comments within script contexts (CVE-2023-39318) [1.20 backport]CherryPickApprovedFrozenDueToAgeSecurityrelease-blocker
#62395 opened 1 year ago by gopherbot
improper handling of special tags within script contexts (CVE-2023-39319)FrozenDueToAgeNeedsFixSecurityrelease-blocker
#62197 opened 1 year ago by rolandshoemaker
improper handling of HTML-like comments within script contexts (CVE-2023-39318)FrozenDueToAgeNeedsFixSecurityrelease-blocker
#62196 opened 1 year ago by rolandshoemaker
#61619 opened 1 year ago by rolandshoemaker
#59722 opened 2 years ago by rolandshoemaker
#59721 opened 2 years ago by rolandshoemaker
#59720 opened 2 years ago by rolandshoemaker
#59584 opened 2 years ago by rolandshoemaker
#59444 opened 2 years ago by springrain
backticks not treated as string delimiters (CVE-2023-24538) [1.20 backport]CherryPickApprovedFrozenDueToAgeSecurity
#59272 opened 2 years ago by gopherbot
backticks not treated as string delimiters (CVE-2023-24538) [1.19 backport]CherryPickApprovedFrozenDueToAgeSecurity
#59271 opened 2 years ago by gopherbot
#59234 opened 2 years ago by rolandshoemaker
Unexpected resultFrozenDueToAge
#58460 opened 2 years ago by jmooring
#57136 opened 2 years ago by melato
#55341 opened 2 years ago by wxiaoguang
#54999 opened 2 years ago by timdadd
#53241 opened 2 years ago by secsys-go
#51344 opened 2 years ago by bep
#51065 opened 2 years ago by anoop012345
incorrect js inside <script>FrozenDueToAge
#47616 opened 3 years ago by acoshift
#47042 opened 3 years ago by gopherbot
#47041 opened 3 years ago by gopherbot
#47040 opened 3 years ago by josharian
make FuncMap an alias for text/template.FuncMapFrozenDueToAgeProposalProposal-AcceptedProposal-FinalCommentPeriod
#46121 opened 3 years ago by rogpeppe
sync: RUnlock of unlocked RWMutex [Go 1.16 regression]FrozenDueToAge
#43885 opened 3 years ago by eclipseo
deadlock if "dot" method is used to execute template from same setFrozenDueToAgeNeedsFixrelease-blocker
#43855 opened 3 years ago by ianlancetaylor
#43295 opened 3 years ago by stapelberg
#43062 opened 4 years ago by jba
#39807 opened 4 years ago by bep
#38837 opened 4 years ago by ePirat
#34691 opened 5 years ago by bakurits
#33671 opened 5 years ago by earthboundkid
#32934 opened 5 years ago by gkarthiks
Errors with parseFiles and FuncsFrozenDueToAge
#31935 opened 5 years ago by LouisBruge
#31327 opened 5 years ago by tomuta
#31107 opened 5 years ago by empijei
#30608 opened 5 years ago by dmitshur
#30286 opened 5 years ago by bep
#29406 opened 5 years ago by eternal-flame-AD
escapeTemplate causes a panic by invoking fmt.Sprintf("%v") on a context with nil *Error fieldFrozenDueToAgeNeedsFix
#28854 opened 6 years ago by alexbrainman
#27926 opened 6 years ago by stjj89
template.HTMLAttr value garbled in style attributeFrozenDueToAge
#27178 opened 6 years ago by bep
#26053 opened 6 years ago by eklitzke
#25875 opened 6 years ago by bep
#24731 opened 6 years ago by rhysh
#24717 opened 6 years ago by rhysh
#23990 opened 6 years ago by ikrabbe
#23683 opened 6 years ago by dgryski
tags are stripped in attributes for template.HTML typeFrozenDueToAge
#22795 opened 7 years ago by opennota
#22780 opened 7 years ago by alin-amana
#22639 opened 7 years ago by anotherGoogleFan
URL path/fragment component not properly escapedFrozenDueToAge
#22498 opened 7 years ago by stjj89
#22086 opened 7 years ago by mpl
JS and JSStr incorrectly escaped in javascript contextFrozenDueToAge
#21968 opened 7 years ago by justinclift
#21844 opened 7 years ago by bep
#20957 opened 7 years ago by mappu
Go 1.8 has a different encoding logic for application/ld+json and text/javascriptFrozenDueToAgeNeedsInvestigation
#20886 opened 7 years ago by ARolek
#20879 opened 7 years ago by carl-mastrangelo
template.HTML being escaped (rather than included verbatim) sometimesFrozenDueToAgeNeedsFixrelease-blocker
#20842 opened 7 years ago by dmitshur
#20586 opened 7 years ago by erikformella
#20561 opened 7 years ago by jmesyan
base64 html images in image tag are unsafeFrozenDueToAge
#20536 opened 7 years ago by azr
#20323 opened 7 years ago by bep
#19968 opened 7 years ago by stjj89
#19965 opened 7 years ago by stjj89
predefined escaper "html" disallowed in templateFrozenDueToAge
#19952 opened 7 years ago by bep
inserted escapers are not properly merged with predefined escapers with explicit argumentsFrozenDueToAgeNeedsInvestigation
#19353 opened 7 years ago by stjj89
merging escapers can lead to over-escapingFrozenDueToAge
#19352 opened 7 years ago by stjj89
#19345 opened 7 years ago by stjj89
#19336 opened 7 years ago by stjj89
#19294 opened 7 years ago by seehuhn
#19205 opened 7 years ago by moshee
#19204 opened 7 years ago by DDRBoxman
#19170 opened 7 years ago by SebastianPozoga
#18971 opened 7 years ago by zwass
#18716 opened 7 years ago by sethvargo
<script> tags with type "text/template" now escapes EJS templatesFrozenDueToAgeNeedsDecisionNeedsInvestigationSecurity
#18569 opened 7 years ago by anthonybishopric
Go 1.8 has a different encoding logic. Intentionally?FrozenDueToAge
#18159 opened 8 years ago by leonklingele
#17933 opened 8 years ago by jmhodges
#17894 opened 8 years ago by rudydai
#17735 opened 8 years ago by rhysh
#17441 opened 8 years ago by okdave
#17414 opened 8 years ago by bep
#17319 opened 8 years ago by bep
#17019 opened 8 years ago by ghost
#16148 opened 8 years ago by mbertschler
#16101 opened 8 years ago by bep
add helper functions for type conversionFrozenDueToAge
#16058 opened 8 years ago by localvar
#15891 opened 8 years ago by gmccue
#15761 opened 8 years ago by mstetson
#15399 opened 8 years ago by neelance
ParseFiles throws away files with the same filename baseFrozenDueToAge
#14320 opened 8 years ago by bep
removes content inside html commentsFrozenDueToAge
#14256 opened 8 years ago by liggitt
suggest to add HTMLEscape for / to ˿rozenDueToAge
#14033 opened 8 years ago by iamzhout
#13852 opened 9 years ago by okdave
DefinedTemplates is missingFrozenDueToAge
#13349 opened 9 years ago by robpike
broken after cloneFrozenDueToAge
#12996 opened 9 years ago by jbeda
escape first char for XMLFrozenDueToAge
#12496 opened 9 years ago by alexandrestein
#12149 opened 9 years ago by Miaonster
slow performance on big structuresFrozenDueToAge
#11678 opened 9 years ago by vadimyer
unidentified node type in allIdents (4)FrozenDueToAge
#11356 opened 9 years ago by dvyukov
unidentified node type in allIdents (3)FrozenDueToAge
#11118 opened 9 years ago by dvyukov
Clone an empty template leads to runtime panicFrozenDueToAge
#10879 opened 9 years ago by paradoxe
unidentified node type in allIdents (2)FrozenDueToAge
#10801 opened 9 years ago by dvyukov
slice bounds out of rangeFrozenDueToAge
#10799 opened 9 years ago by dvyukov
#10786 opened 9 years ago by anacrolix
nil pointer dereferenceFrozenDueToAge
#10673 opened 9 years ago by dvyukov
invalid memory address or nil pointer dereferenceFrozenDueToAge
#10615 opened 9 years ago by dvyukov
runtime error: slice bounds out of range (2)FrozenDueToAge
#10613 opened 9 years ago by dvyukov
runtime error: slice bounds out of rangeFrozenDueToAge
#10612 opened 9 years ago by dvyukov
escaping {{else}} is unimplementedFrozenDueToAge
#10611 opened 9 years ago by dvyukov
unidentified node type in allIdentsFrozenDueToAge
#10610 opened 9 years ago by dvyukov
escapeTemplate is inefficientFrozenDueToAge
#10605 opened 9 years ago by chowey
panic when executing invalid templateFrozenDueToAge
#10204 opened 9 years ago by jstemmer
how about add a new fucntionFrozenDueToAge
#9840 opened 9 years ago by TapirLiu
`HTML` type example is confusingFrozenDueToAge
#9651 opened 9 years ago by ssilva
#8500 opened 10 years ago by gopherbot
ParseFiles confusion with same base nameFrozenDueToAge
#8464 opened 10 years ago by gopherbot
#8431 opened 10 years ago by gopherbot
{{value | .Method}} panics and prevents escapingFrozenDueToAge
#7379 opened 10 years ago by gopherbot
#6701 opened 11 years ago by robpike
t.Tree is always nilFrozenDueToAge
#6459 opened 11 years ago by gopherbot
need access to parse tree.FrozenDueToAge
#6318 opened 11 years ago by gopherbot
panic when applying template to a nil error fieldFrozenDueToAge
#5982 opened 11 years ago by josharian
Execute panics on custom function errors after CloneFrozenDueToAge
#5980 opened 11 years ago by gopherbot
"stripTags" exportability in the html/template packageFrozenDueToAge
#5884 opened 11 years ago by gopherbot
execute adds blanksFrozenDueToAge
#5534 opened 11 years ago by gopherbot
#4634 opened 12 years ago by campoy
remove noescape supportFrozenDueToAge
#3528 opened 12 years ago by rsc
cannot access html/template's embedded parse.TreeFrozenDueToAge
#3461 opened 12 years ago by lilyball
missing Templates method, Escape functionsFrozenDueToAge
#3296 opened 12 years ago by mpl
panic during CloneFrozenDueToAge
#3281 opened 12 years ago by rsc
Two panics on executing empty/missing templatesFrozenDueToAge
#3272 opened 12 years ago by dsymonds
#3164 opened 12 years ago by balasanjay
escape xmldesc as <?xmlFrozenDueToAge
#3133 opened 12 years ago by ukai
#3094 opened 12 years ago by gopherbot
does not call .String method for formattingFrozenDueToAge
#3073 opened 12 years ago by the42
add Clone and AddParseTreeFrozenDueToAge
#2757 opened 13 years ago by robpike
confusing or incorrect errorFrozenDueToAge
#2644 opened 13 years ago by rsc
Funcs refers to template.FuncMap (in text/template)FrozenDueToAge
#2546 opened 13 years ago by rsc
Must is bustFrozenDueToAge
#2545 opened 13 years ago by rsc