html/template: reenable testcases and fix mis-escaped sequences.

Tighter octal parsing broke some tests and were disabled in https://golang.org/cl/5530051 Those tests were broken. The CSS decoder was supposed to see CSS hex escape sequences of the form '\' <hex>+, but those escape sequences were instead being consumed by the template parser. This change properly escapes those escape sequences, and uses proper escaping for NULs. R=golang-dev, rsc, nigeltao CC=golang-dev https://golang.org/cl/5529073
2024-11-21 22:24:40 -07:00 · 2012-01-11 18:47:03 -05:00 · 2012-01-11 18:47:03 -05:00 · b1d6fa517c
commit b1d6fa517c
parent 81728cf06d
1 changed files with 10 additions and 12 deletions
--- a/src/pkg/html/template/escape_test.go
+++ b/src/pkg/html/template/escape_test.go
@ -300,23 +300,21 @@ func TestEscape(t *testing.T) {
 			`<p style="color: {{"#8ff"}}; background: {{"#000"}}">`,
 			`<p style="color: #8ff; background: #000">`,
 		},
-		// This test is broken by the fix to issue 2658.
-		// {
-		// 	"styleObfuscatedExpressionBlocked",
-		// 	`<p style="width: {{"  e\78preS\0Sio/**/n(alert(1337))"}}">`,
-		// 	`<p style="width: ZgotmplZ">`,
-		// },
+		{
+			"styleObfuscatedExpressionBlocked",
+			`<p style="width: {{"  e\\78preS\x00Sio/**/n(alert(1337))"}}">`,
+			`<p style="width: ZgotmplZ">`,
+		},
 		{
 			"styleMozBindingBlocked",
 			`<p style="{{"-moz-binding(alert(1337))"}}: ...">`,
 			`<p style="ZgotmplZ: ...">`,
 		},
-		// This test is broken by the fix to issue 2658.
-		// {
-		// 	"styleObfuscatedMozBindingBlocked",
-		// 	`<p style="{{"  -mo\7a-B\0I/**/nding(alert(1337))"}}: ...">`,
-		// 	`<p style="ZgotmplZ: ...">`,
-		// },
+		{
+			"styleObfuscatedMozBindingBlocked",
+			`<p style="{{"  -mo\\7a-B\x00I/**/nding(alert(1337))"}}: ...">`,
+			`<p style="ZgotmplZ: ...">`,
+		},
 		{
 			"styleFontNameString",
 			`<p style='font-family: "{{"Times New Roman"}}"'>`,