1
0
mirror of https://github.com/golang/go synced 2024-11-12 06:30:21 -07:00
Commit Graph

9730 Commits

Author SHA1 Message Date
Andrew Gerrand
a314c163ef tag release.r60.1
R=golang-dev, dsymonds
CC=golang-dev
https://golang.org/cl/5030045
2011-09-19 14:01:39 +10:00
Andrew Gerrand
a66ae1d39e doc: update release.r60.1 notes
R=dsymonds
CC=golang-dev
https://golang.org/cl/5045045
2011-09-19 12:16:08 +10:00
Mike Samuel
b4e1ca25b1 exp/template/html: allow quotes on either side of conditionals and dynamic HTML names
This addresses several use cases:

(1) <h{{.HeaderLevel}}> used to build hierarchical documents.
(2) <input on{{.EventType}}=...> used in widgets.
(3) <div {{" dir=ltr"}}> used to embed bidi-hints.

It also makes sure that we treat the two templates below the same:

<img src={{if .Avatar}}"{{.Avatar}}"{{else}}"anonymous.png"{{end}}>
<img src="{{if .Avatar}}{{.Avatar}}{{else}}anonymous.png{{end}}">

This splits up tTag into a number of sub-states and adds testcases.

R=nigeltao
CC=golang-dev
https://golang.org/cl/5043042
2011-09-18 19:10:15 -07:00
Mike Samuel
52a46bb773 exp/template/html: normalize '<' in text and RCDATA nodes.
The template

  <{{.}}

would violate the structure preservation property if allowed and not
normalized, because when {{.}} emitted "", the "<" would be part of
a text node, but if {{.}} emitted "a", the "<" would not be part of
a text node.

This change rewrites '<' in text nodes and RCDATA text nodes to
'&lt;' allowing template authors to write the common, and arguably more
readable:

    Your price: {{.P1}} < list price {{.P2}}

while preserving the structure preservation property.

It also lays the groundwork for comment elision, rewriting

    Foo <!-- comment with secret project details --> Bar

to

    Foo  Bar

R=nigeltao
CC=golang-dev
https://golang.org/cl/5043043
2011-09-18 12:04:40 -07:00
Mike Samuel
e213a0c0fc exp/template/html: recognize whitespace at start of URLs.
HTML5 uses "Valid URL potentially surrounded by spaces" for
attrs: http://www.w3.org/TR/html5/index.html#attributes-1

    <a href=" {{.}}">

should be escaped to filter out "javascript:..." as data.

R=nigeltao
CC=golang-dev
https://golang.org/cl/5027045
2011-09-18 11:55:14 -07:00
Adam Langley
605e57d8fe exp/ssh: new package.
The typical UNIX method for controlling long running process is to
send the process signals. Since this doesn't get you very far, various
ad-hoc, remote-control protocols have been used over time by programs
like Apache and BIND.

Implementing an SSH server means that Go code will have a standard,
secure way to do this in the future.

R=bradfitz, borman, dave, gustavo, dsymonds, r, adg, rsc, rogpeppe, lvd, kevlar, raul.san
CC=golang-dev
https://golang.org/cl/4962064
2011-09-17 15:57:24 -04:00
Mike Rosset
b71a805cd5 archive/tar: document Header fields and Type flags
Documentation more along the lines of os.FileInfo
Fixes #2180.

R=golang-dev, dsymonds
CC=golang-dev, mike.rosset
https://golang.org/cl/4958055
2011-09-17 11:43:06 -07:00
Hector Chu
6bc0346e28 runtime: increase stack system space on windows/amd64
gotest src/pkg/exp/template/html was crashing because the exception handler overflowed the goroutine stack.

R=alex.brainman, golang-dev
CC=golang-dev
https://golang.org/cl/5031049
2011-09-17 20:39:29 +10:00
Hector Chu
a506c96ab2 runtime/pprof: enable test on windows
R=alex.brainman
CC=golang-dev
https://golang.org/cl/5047045
2011-09-17 18:00:32 +10:00
Hector Chu
9fd26872cb runtime: implement pprof support for windows
Credit to jp for proof of concept.

R=alex.brainman, jp, rsc, dvyukov
CC=golang-dev
https://golang.org/cl/4960057
2011-09-17 17:57:59 +10:00
Michael Shields
44f12eb5ad filepath: fix Glob to return no error on nonmatching patterns
filepath.Glob is documented to return nil if no files match
and an error only if the pattern is invalid.  This change
fixes it to work as documented and adds a regression test.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5040045
2011-09-16 20:30:54 -07:00
Rob Pike
46eb718c99 CONTRIBUTORS: add googler Michael Shields
R=golang-dev, dsymonds
CC=golang-dev, mshields
https://golang.org/cl/5042045
2011-09-16 20:30:17 -07:00
Ian Lance Taylor
bfe9f228a4 test: match gccgo error messages for bug330.go.
bug330.go:11:6: error: expected numeric type
bug330.go:12:6: error: expected numeric type

R=golang-dev, gri
CC=golang-dev
https://golang.org/cl/5031050
2011-09-16 18:28:57 -07:00
Robert Griesemer
ae4f1c4c3a reflect: fix comment
R=r
CC=golang-dev
https://golang.org/cl/5039045
2011-09-16 15:07:13 -07:00
Yasuhiro Matsumoto
048ec75801 http/cgi: clean up environment.
clean up duplicate environment for CGI.
overriding former by latter.
On windows, When there are duplicated environments like following,

SCRIPT_FILENAME=c:/progra~1/php/php-cgi.exe
SCRIPT_FILENAME=/foo.php

CreateProcess use first entry.

If make cgi.Handle like following,

        cgih = cgi.Handler{
                Path: "c:/strawberry/perl/bin/perl.exe",
                Dir:  "c:/path/to/webroot",
                Root: "c:/path/to/webroot",
                Args: []string{"foo.php"},
                Env:  []string{"SCRIPT_FILENAME=foo.php"},
        }

http/cgi should behave "SCRIPT_FILENAME is foo.php".
But currently, http/cgi is set duplicate environment entries.
So, browser show binary dump of "php-cgi.exe" that is specified indented
SCRIPT_FILENAME in first entry.
This change clean up duplicates, and use latters.

R=golang-dev, bradfitz, bradfitz
CC=golang-dev
https://golang.org/cl/5010044
2011-09-16 10:36:54 -07:00
Marcel van Lohuizen
a083fd524a exp/norm: reverting to using strings.Repeat, as it doesn't look like exp/regexp
is going to support returning multiple matches for a single repeated group.

R=r, rsc, mpvl
CC=golang-dev
https://golang.org/cl/5014045
2011-09-16 11:28:53 +02:00
Marcel van Lohuizen
1913fdab98 exp/norm: changed trie to produce smaller tables.
Trie now uses sparse block when this makes sense.

R=r, r
CC=golang-dev
https://golang.org/cl/5010043
2011-09-16 11:27:05 +02:00
Mike Samuel
a399040226 exp/template/html: type fixed point computation in template
I found a simple test case that does require doing the fixed point TODO
in computeOutCtx.

I found a way though to do this and simplify away the escapeRange
hackiness that was added in https://golang.org/cl/5012044/

R=nigeltao
CC=golang-dev
https://golang.org/cl/5015052
2011-09-16 00:34:26 -07:00
Andrew Gerrand
da5511625e tag weekly.2011-09-16
R=golang-dev, dsymonds
CC=golang-dev
https://golang.org/cl/5004052
2011-09-16 17:23:31 +10:00
Andrew Gerrand
b0e3edab0e weekly.2011-09-16
R=golang-dev, dsymonds, r
CC=golang-dev
https://golang.org/cl/5040042
2011-09-16 17:18:36 +10:00
Alex Brainman
310e5fe60c net: reuse channels during io
R=golang-dev, bsiegert, rsc, hectorchu
CC=golang-dev
https://golang.org/cl/5016043
2011-09-16 13:40:02 +10:00
Mike Samuel
96f9e8837e exp/template/html: moved error docs out of package docs onto error codes
This replaces the errStr & errLine members of context with a single err
*Error, and introduces a number of const error codes, one per
escape-time failure mode, that can be separately documented.

The changes to the error documentation moved from doc.go to error.go
are cosmetic.

R=r, nigeltao
CC=golang-dev
https://golang.org/cl/5026041
2011-09-15 19:05:33 -07:00
Robert Griesemer
642d272c3c godoc: remove dependency of syscall
On app-engine, we cannot import syscall.
The respective constants are already defined
elsewhere for the same reason.

R=r, dsymonds
CC=golang-dev
https://golang.org/cl/5036042
2011-09-15 16:47:01 -07:00
Robert Griesemer
66e44000d4 godoc: use new index/suffixarray serialization code
When saving/restoring the fulltext index, the entire
respective suffixarray is now saved/restored (as opposed
to the indexed data only, and the suffixarray recreated).
This saves significant start-up time for large indexes,
at the cost of significantly larger index files.

R=r
CC=golang-dev
https://golang.org/cl/5037043
2011-09-15 16:21:42 -07:00
Robert Griesemer
bd80b1198b index/suffixarray: support for serialization
R=r
CC=golang-dev
https://golang.org/cl/5040041
2011-09-15 16:21:21 -07:00
Brad Fitzpatrick
f5181ae9d7 textproto: parse RFC 959 multiline responses correctly
Fixes #2218

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5037041
2011-09-15 14:29:59 -07:00
Brad Fitzpatrick
e30b9fd87e http: MaxBytesReader doc cleanups
Comments from rsc after 4921049 was submitted.

R=rsc
CC=golang-dev
https://golang.org/cl/5034042
2011-09-15 14:26:22 -07:00
Brad Fitzpatrick
758b62bf6a http: document that Response.Body is non-nil
Fixes #2208

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5011051
2011-09-15 14:09:53 -07:00
Russ Cox
1505cae05d flag: make zero FlagSet useful
This makes it possible to use a FlagSet as a
field in a larger struct.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5036041
2011-09-15 17:04:51 -04:00
Russ Cox
bb0c8b3b66 godoc: use go/build to find files in a package
Fixes #1156.
Fixes #2172.

R=gri
CC=golang-dev
https://golang.org/cl/5015044
2011-09-15 16:49:06 -04:00
Russ Cox
2715956f13 build: add build comments to core packages
The go/build package already recognizes
system-specific file names like

        mycode_darwin.go
        mycode_darwin_386.go
        mycode_386.s

However, it is also common to write files that
apply to multiple architectures, so a recent CL added
to go/build the ability to process comments
listing a set of conditions for building.  For example:

        // +build darwin freebsd openbsd/386

says that this file should be compiled only on
OS X, FreeBSD, or 32-bit x86 OpenBSD systems.

These conventions are not yet documented
(hence this long CL description).

This CL adds build comments to the multi-system
files in the core library, a step toward making it
possible to use go/build to build them.

With this change go/build can handle crypto/rand,
exec, net, path/filepath, os/user, and time.

os and syscall need additional adjustments.

R=golang-dev, r, gri, r, gustavo
CC=golang-dev
https://golang.org/cl/5011046
2011-09-15 16:48:57 -04:00
Russ Cox
ef32eaceef go/build: change //build to // +build
New rules as discussed on CL 5011046.
Also apply to C and assembly files, not just Go files.

R=r, rogpeppe
CC=golang-dev
https://golang.org/cl/5015051
2011-09-15 16:48:21 -04:00
Brad Fitzpatrick
b955e26564 http/cgi: add openbsd environment configuration
R=iant, iant
CC=golang-dev
https://golang.org/cl/5016051
2011-09-15 12:41:00 -07:00
Brad Fitzpatrick
7233dcde99 http: fix WriteProxy documentation
Fixes #2258

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5016048
2011-09-15 10:28:55 -07:00
Russ Cox
6430f46e4b go/build: fix build (revert test changes)
R=adg
TBR=adg
CC=golang-dev
https://golang.org/cl/5024046
2011-09-15 12:34:34 -04:00
Russ Cox
17bebd3caa go/build: handle cgo, //build comments
R=adg
CC=golang-dev
https://golang.org/cl/5018044
2011-09-15 12:11:41 -04:00
Mike Samuel
ce008f8c37 exp/template/html: pre-sanitized content
Not all content is plain text.  Sometimes content comes from a trusted
source, such as another template invocation, an HTML tag whitelister,
etc.

Template authors can deal with over-escaping in two ways.

1) They can encapsulate known-safe content via
   type HTML, type CSS, type URL, and friends in content.go.
2) If they know that the for a particular action never needs escaping
   then they can add |noescape to the pipeline.
   {{.KnownSafeContent | noescape}}
   which will prevent any escaping directives from being added.

This CL defines string type aliases: HTML, CSS, JS, URI, ...
It then modifies stringify to unpack the content type.
Finally it modifies the escaping functions to use the content type and
decline to escape content that does not require it.

There are minor changes to escapeAction and helpers to treat as
equivalent explicit escaping directives such as "html" and "urlquery"
and the escaping directives defined in the contextual autoescape module
and to recognize the special "noescape" directive.

The html escaping functions are rearranged.  Instead of having one
escaping function used in each {{.}} in

    {{.}} : <textarea title="{{.}}">{{.}}</textarea>

a slightly different escaping function is used for each.
When {{.}} binds to a pre-sanitized string of HTML

    `one < <i>two</i> &amp; two < "3"`

we produces something like

     one < <i>two</i> &amp; two < "3" :
     <textarea title="one &lt; two &amp; two &lt; &#34;3&#34;">
       one &lt; &lt;i&gt;two&lt;/i&gt; &amp; two &lt; "3"
     </textarea>

Although escaping is not required in <textarea> normally, if the
substring </textarea> is injected, then it breaks, so we normalize
special characters in RCDATA and do the same to preserve attribute
boundaries.  We also strip tags since developers never intend
typed HTML injected in an attribute to contain tags escaped, but
do occasionally confuse pre-escaped HTML with HTML from a
tag-whitelister.

R=golang-dev, nigeltao
CC=golang-dev
https://golang.org/cl/4962067
2011-09-15 08:51:55 -07:00
Andrew Gerrand
f41ab6c7c8 doc: release.r60.1
R=r
CC=golang-dev
https://golang.org/cl/5002041
2011-09-15 19:26:12 +10:00
Robert Griesemer
d76c4a52e7 godoc: support for complete index serialization
- now fulltext index information is saved/restored
- minor updates to appinit.go

R=rsc
CC=golang-dev
https://golang.org/cl/5024043
2011-09-14 20:46:03 -07:00
Robert Griesemer
957fd575fc go/token: support to serialize file sets
R=rsc
CC=golang-dev
https://golang.org/cl/5024042
2011-09-14 20:45:45 -07:00
Mike Samuel
3eb41fbeb6 exp/template/html: render templates unusable when escaping fails
This moots a caveat in the proposed package documentation by
rendering useless any template that could not be escaped.

From https://golang.org/cl/4969078/
> If EscapeSet returns an error, do not Execute the set; it is not
> safe against injection.
r: [but isn't the returned set nil? i guess you don't overwrite the
r: original if there's a problem, but i think you're in your rights to
r: do so]

R=r
CC=golang-dev
https://golang.org/cl/5020043
2011-09-14 20:40:50 -07:00
Hector Chu
5c30325983 runtime: eliminate handle churn when churning channels on Windows
The Windows implementation of the net package churns through a couple of channels for every read/write operation.  This translates into a lot of time spent in the kernel creating and deleting event objects.

R=rsc, dvyukov, alex.brainman, jp
CC=golang-dev
https://golang.org/cl/4997044
2011-09-14 20:23:21 -04:00
Ian Lance Taylor
e076c502dd debug/elf: permit another case of SHT_NOBITS section overlap in test
Lets test pass when using gccgo.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5018046
2011-09-14 15:33:37 -07:00
David Symonds
3be088e354 json: if a field's tag is "-", never encode it.
R=adg, r, edsrzf, rsc, r
CC=golang-dev
https://golang.org/cl/4962052
2011-09-15 08:09:43 +10:00
Mike Samuel
23fab11c47 exp/template/html: flesh out package documentation.
R=nigeltao, r
CC=golang-dev
https://golang.org/cl/4969078
2011-09-14 14:21:20 -07:00
Rob Pike
b47bbecf7a src: fix a couple of govet-discovered errors.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5021042
2011-09-14 13:29:31 -07:00
Adam Langley
a775fbf8a4 crypto/tls: support SSLv3
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes #1703.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
2011-09-14 15:32:19 -04:00
Mike Samuel
514c9243f2 exp/template/html: check that modified nodes are not shared by templates
R=nigeltao
CC=golang-dev
https://golang.org/cl/5012044
2011-09-14 11:52:03 -07:00
Rob Pike
7edfcede13 path/filepath: document that Walk sorts its output
R=golang-dev, cw
CC=golang-dev
https://golang.org/cl/5004045
2011-09-14 11:18:43 -07:00
Marcel van Lohuizen
4e6f951e6b exp/norm: added normregtest to .hgignore.
R=r, rsc
CC=golang-dev
https://golang.org/cl/5009045
2011-09-14 20:03:21 +02:00