1
0
mirror of https://github.com/golang/go synced 2024-11-25 05:47:57 -07:00

html-escaping of fields that may be user-generated

R=rsc
http://go/go-review/1013019
This commit is contained in:
Robert Griesemer 2009-10-28 12:52:52 -07:00
parent 5a02eb65ef
commit 8b2d2847a8

View File

@ -4,7 +4,7 @@
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>{Title}</title>
<title>{Title|html}</title>
<link rel="stylesheet" type="text/css" href="/doc/style.css">
<script type="text/javascript" src="/doc/godocs.js"></script>
@ -49,22 +49,23 @@
<li class="blank">&nbsp;</li>
<li class="navhead">Go code search</li>
<form method="GET" action="/search" class="search">
<input name="q" value="{Query}" size="25" />
<input name="q" value="{Query|html}" size="25" />
<input type="submit" value="Go" />
<li class="blank">&nbsp;</li>
<li class="navhead">Last update</li>
<li>{Timestamp}</li>
<li>{Timestamp|html}</li>
</ul>
</div>
<div id="content">
<h1>{Title}</h1>
<h1>{Title|html}</h1>
<!-- The Table of Contents is automatically inserted in this <div>.
Do not delete this <div>. -->
<div id="nav"></div>
<!-- Content is HTML-escaped elsewhere -->
{Content}
</div>