From f3f3f0d6d509bfaf30b55c0679cff366b50b7eae Mon Sep 17 00:00:00 2001 From: Samuel Tan Date: Thu, 13 Apr 2017 10:57:04 -0700 Subject: [PATCH] html/template: ignore case when handling type attribute in script element Convert the parsed attribute name to lowercase before checking its value in the HTML parser state machine. This ensures that the type attribute in the script element is handled in a case-sensitive manner, just like all other attribute names. Fixes #19965 Change-Id: I806d8c62aada2c3b5b4328aff75f217ea60cb339 Reviewed-on: https://go-review.googlesource.com/40650 Run-TryBot: Brad Fitzpatrick TryBot-Result: Gobot Gobot Reviewed-by: Russ Cox --- src/html/template/attr.go | 3 +-- src/html/template/escape_test.go | 5 +++++ src/html/template/transition.go | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/html/template/attr.go b/src/html/template/attr.go index d65d340073..7438f51f6a 100644 --- a/src/html/template/attr.go +++ b/src/html/template/attr.go @@ -135,9 +135,8 @@ var attrTypeMap = map[string]contentType{ } // attrType returns a conservative (upper-bound on authority) guess at the -// type of the named attribute. +// type of the lowercase named attribute. func attrType(name string) contentType { - name = strings.ToLower(name) if strings.HasPrefix(name, "data-") { // Strip data- so that custom attribute heuristics below are // widely applied. diff --git a/src/html/template/escape_test.go b/src/html/template/escape_test.go index 0a6a9e49c7..43869276c0 100644 --- a/src/html/template/escape_test.go +++ b/src/html/template/escape_test.go @@ -1404,6 +1404,11 @@ func TestEscapeText(t *testing.T) { `