mirror of https://github.com/golang/go synced 2024-11-24 23:17:57 -07:00
Commit Graph

9694 Commits

Author SHA1 Message Date
Mike Samuel
ce008f8c37 exp/template/html: pre-sanitized content
Not all content is plain text.  Sometimes content comes from a trusted
source, such as another template invocation, an HTML tag whitelister,
etc.

Template authors can deal with over-escaping in two ways.

1) They can encapsulate known-safe content via
   type HTML, type CSS, type URL, and friends in content.go.
2) If they know that a particular action never needs escaping
   then they can add |noescape to the pipeline.
   {{.KnownSafeContent | noescape}}
   which will prevent any escaping directives from being added.

This CL defines string type aliases: HTML, CSS, JS, URI, ...
It then modifies stringify to unpack the content type.
Finally it modifies the escaping functions to use the content type and
decline to escape content that does not require it.

There are minor changes to escapeAction and helpers to treat as
equivalent explicit escaping directives such as "html" and "urlquery"
and the escaping directives defined in the contextual autoescape module
and to recognize the special "noescape" directive.

The html escaping functions are rearranged.  Instead of having one
escaping function used in each {{.}} in

    {{.}} : <textarea title="{{.}}">{{.}}</textarea>

a slightly different escaping function is used for each.
When {{.}} binds to a pre-sanitized string of HTML

    `one < <i>two</i> &amp; two < "3"`

we produce something like

     one < <i>two</i> &amp; two < "3" :
     <textarea title="one &lt; two &amp; two &lt; &#34;3&#34;">
       one &lt; &lt;i&gt;two&lt;/i&gt; &amp; two &lt; "3"
     </textarea>

Although escaping is not required in <textarea> normally, if the
substring </textarea> is injected, then it breaks, so we normalize
special characters in RCDATA and do the same to preserve attribute
boundaries.  We also strip tags since developers never intend
typed HTML injected in an attribute to contain tags escaped, but
do occasionally confuse pre-escaped HTML with HTML from a
tag-whitelister.

R=golang-dev, nigeltao
CC=golang-dev
https://golang.org/cl/4962067
2011-09-15 08:51:55 -07:00
Andrew Gerrand
f41ab6c7c8 doc: release.r60.1
R=r
CC=golang-dev
https://golang.org/cl/5002041
2011-09-15 19:26:12 +10:00
Robert Griesemer
d76c4a52e7 godoc: support for complete index serialization
- now fulltext index information is saved/restored
- minor updates to appinit.go

R=rsc
CC=golang-dev
https://golang.org/cl/5024043
2011-09-14 20:46:03 -07:00
Robert Griesemer
957fd575fc go/token: support to serialize file sets
R=rsc
CC=golang-dev
https://golang.org/cl/5024042
2011-09-14 20:45:45 -07:00
Mike Samuel
3eb41fbeb6 exp/template/html: render templates unusable when escaping fails
This moots a caveat in the proposed package documentation by
rendering useless any template that could not be escaped.

From https://golang.org/cl/4969078/
> If EscapeSet returns an error, do not Execute the set; it is not
> safe against injection.
r: [but isn't the returned set nil? i guess you don't overwrite the
r: original if there's a problem, but i think you're in your rights to
r: do so]

R=r
CC=golang-dev
https://golang.org/cl/5020043
2011-09-14 20:40:50 -07:00
Hector Chu
5c30325983 runtime: eliminate handle churn when churning channels on Windows
The Windows implementation of the net package churns through a couple of channels for every read/write operation.  This translates into a lot of time spent in the kernel creating and deleting event objects.

R=rsc, dvyukov, alex.brainman, jp
CC=golang-dev
https://golang.org/cl/4997044
2011-09-14 20:23:21 -04:00
Ian Lance Taylor
e076c502dd debug/elf: permit another case of SHT_NOBITS section overlap in test
Lets the test pass when using gccgo.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5018046
2011-09-14 15:33:37 -07:00
David Symonds
3be088e354 json: if a field's tag is "-", never encode it.
R=adg, r, edsrzf, rsc, r
CC=golang-dev
https://golang.org/cl/4962052
2011-09-15 08:09:43 +10:00
Mike Samuel
23fab11c47 exp/template/html: flesh out package documentation.
R=nigeltao, r
CC=golang-dev
https://golang.org/cl/4969078
2011-09-14 14:21:20 -07:00
Rob Pike
b47bbecf7a src: fix a couple of govet-discovered errors.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5021042
2011-09-14 13:29:31 -07:00
Adam Langley
a775fbf8a4 crypto/tls: support SSLv3
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes #1703.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
2011-09-14 15:32:19 -04:00
Mike Samuel
514c9243f2 exp/template/html: check that modified nodes are not shared by templates
R=nigeltao
CC=golang-dev
https://golang.org/cl/5012044
2011-09-14 11:52:03 -07:00
Rob Pike
7edfcede13 path/filepath: document that Walk sorts its output
R=golang-dev, cw
CC=golang-dev
https://golang.org/cl/5004045
2011-09-14 11:18:43 -07:00
Marcel van Lohuizen
4e6f951e6b exp/norm: added normregtest to .hgignore.
R=r, rsc
CC=golang-dev
https://golang.org/cl/5009045
2011-09-14 20:03:21 +02:00
Ian Lance Taylor
5f172fadbe test: Add test for inheriting private method from anonymous field.
The spec says that all methods are inherited from an anonymous
field.  There is no exception for non-exported methods.

This is related to issue 1536.

R=rsc
CC=golang-dev
https://golang.org/cl/5012043
2011-09-14 10:31:51 -07:00
Robert Griesemer
1007a11924 go/printer: use panic/defer instead of goroutine
for handling errors

Fixes #2249.

R=rsc
CC=golang-dev
https://golang.org/cl/4952071
2011-09-14 08:49:21 -07:00
Russ Cox
b039883946 gofmt: add else test
R=gri
CC=golang-dev
https://golang.org/cl/4978065
2011-09-14 11:29:18 -04:00
Russ Cox
e81d72100a websocket: rename websocket.WebSocketAddr to *websocket.Addr.
R=ukai
CC=golang-dev
https://golang.org/cl/4999043
2011-09-14 11:29:11 -04:00
Russ Cox
33d00fae30 runtime: track HeapIdle
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/4995045
2011-09-14 11:29:01 -04:00
Mikio Hara
fa767ff231 image/jpeg: fix build
R=golang-dev
CC=golang-dev
https://golang.org/cl/5020045
2011-09-14 11:14:03 -04:00
Nigel Tao
1a35450a10 image/draw: unbreak build for image.NewXxx change.
TBR=rsc
CC=golang-dev
https://golang.org/cl/5016044
2011-09-14 22:09:46 +10:00
Nigel Tao
aa75bee7a5 image: change the NewXxx functions to take a Rectangle instead of
taking (w, h int).

R=rsc, bsiegert, r
CC=golang-dev
https://golang.org/cl/4964073
2011-09-14 21:39:49 +10:00
Alex Brainman
7406379fff runtime: syscall to return both AX and DX for windows/386
Fixes #2181.

R=golang-dev, jp
CC=golang-dev
https://golang.org/cl/5000042
2011-09-14 16:19:45 +10:00
Mike Samuel
2b3b5cf4de template: add doc.go to Makefile
The template package is the only one that has a doc.go not mentioned
in its Makefile.

This doesn't seem to bother godoc, but seems like a bug to me.

$ for d in $(find pkg -name doc.go); do echo $d; grep doc.go $(dirname $d)/Makefile; done
pkg/fmt/doc.go
        doc.go\
pkg/go/doc/doc.go
        doc.go\
pkg/gob/doc.go
        doc.go\
pkg/html/doc.go
        doc.go\
pkg/old/template/doc.go
        doc.go\
pkg/sync/atomic/doc.go
        doc.go\
pkg/template/doc.go

R=r
CC=golang-dev
https://golang.org/cl/5003047
2011-09-13 18:50:02 -07:00
Mike Samuel
15d47ce219 exp/template/html: move transition functions to a separate file
This CL moves code but makes no changes otherwise.

R=nigeltao, r
CC=golang-dev
https://golang.org/cl/5012045
2011-09-13 17:53:55 -07:00
Rob Pike
4e3b725cf0 path/filepath: new signature for Walk
This one uses a closure rather than an interface, and is much simpler to use.
It also enables a called function to return an error and (possibly)
halt processing.

Fixes #2237.

R=golang-dev, gri, rsc, r, cw, n13m3y3r
CC=golang-dev
https://golang.org/cl/5014043
2011-09-13 17:47:59 -07:00
Mike Samuel
4c6454aecf exp/template/html: escape {{template}} calls and sets of templates
This adds support for {{template "callee"}} calls.
It recognizes that calls can appear in many contexts.

{{if .ImageURL}}
    <img src="{{.ImageURL}}" alt="{{template "description"}}">
{{else}}
    <p>{{template "description"}}</p>
{{end}}

calls a template in two different contexts, first in an HTML attribute
context, and second in an HTML text context.

Those two contexts aren't very different, but when linking text
to search terms, the escaping context can be materially different:

<a href="/search?q={{template "tags"}}">{{template "tags"}}</a>

This adds API:
EscapeSet(*template.Set, names ...string) os.Error

takes a set of templates and the names of those which might be called
in the default context as starting points.

It changes the escape* functions to be methods of an object which
maintains a conceptual mapping of
(template names*input context) -> output context.

The actual mapping uses as key a mangled name which combines the
template name with the input context.

The mangled name when the input context is the default context is the
same as the unmangled name.

When a template is called in multiple contexts, we clone the template.

{{define "tagLink"}}
  <a href="/search?q={{template "tags"}}">{{template "tags"}}</a>
{{end}}
{{define "tags"}}
  {{range .Tags}}{{.}},{{end}}
{{end}}

given []string{ "foo", "O'Reilly", "bar" } produces

  <a href="/search?q=foo,O%27Reilly,bar">foo,O&#39;Reilly,bar</a>

This involves rewriting the above to something like

{{define "tagLink"}}
  <a href="/search?q={{template "tags$1"}}">{{template "tags"}}</a>
{{end}}
{{define "tags"}}
  {{range .Tags}}{{. | html}},{{end}}
{{end}}
{{define "tags$1"}}
  {{range .Tags}}{{. | urlquery}},{{end}}
{{end}}

clone.go provides a mechanism for cloning template "tags" to produce
"tags$1".

changes to escape.go implement the new API and context propagation
around the call graph.

context.go includes minor changes to support name mangling and
context_test.go tests those.

js.go contains a bug-fix.

R=nigeltao, r
CC=golang-dev
https://golang.org/cl/4969072
2011-09-13 16:57:39 -07:00
Ian Lance Taylor
9377b28833 http: Alphabetize imports.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5002043
2011-09-13 09:38:26 -07:00
Ian Lance Taylor
096f3a293e os: Fix comment in generated signal_unix.go file.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5013042
2011-09-13 09:38:08 -07:00
Marcel van Lohuizen
efea5d0fb9 exp/norm: Added regression test tool for the standard Unicode test set.
R=r
CC=golang-dev
https://golang.org/cl/4973064
2011-09-13 12:51:48 +02:00
Nigel Tao
40d85fb097 net: add a LookupTXT function.
This CL only supports Unix, not Plan 9 or Windows.

R=rsc
CC=golang-dev
https://golang.org/cl/4996048
2011-09-13 13:05:33 +10:00
Alex Brainman
cd269b0c2b time: another attempt to fix windows build
R=bradfitz
CC=golang-dev
https://golang.org/cl/4967067
2011-09-13 12:42:24 +10:00
Brad Fitzpatrick
29d5d9a5bb time: fix Windows build after ceeedb519c4a
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/4983060
2011-09-12 17:18:25 -07:00
Mike Samuel
0432a23c68 exp/template/html: tolerate '/' ambiguity in JS when it doesn't matter.
Often, division/regexp ambiguity doesn't matter in JS because the next
token is not a slash.

For example, in

  <script>var global{{if .InitVal}} = {{.InitVal}}{{end}}</script>

When there is an initial value, the {{if}} ends with jsCtxDivOp
since a '/' following {{.InitVal}} would be a division operator.
When there is none, the empty {{else}} branch ends with jsCtxRegexp
since a '/' would start a regular expression.  A '/' could result
in a valid program if it were on a new line to allow semicolon
insertion to terminate the VarDeclaration.

There is no '/' though, so we can ignore the ambiguity.

There are cases where a missing semi can result in ambiguity that
we should report.

  <script>
  {{if .X}}var x = {{.X}}{{end}}
  /...{{.Y}}
  </script>

where ... could be /foo/.test(bar) or /divisor.  Disambiguating in
this case is hard and is required to sanitize {{.Y}}.

Note, that in the case where there is a '/' in the script tail but it
is not followed by any interpolation, we already don't care.  So we
are already tolerant of

<script>{{if .X}}var x = {{.X}}{{end}}/a-bunch-of-text</script>

because tJS checks for </script> before looking in /a-bunch-of-text.

This CL
- Adds a jsCtx value: jsCtxUnknown
- Changes joinContext to join contexts that only differ by jsCtx.
- Changes tJS to return an error when a '/' is seen in jsCtxUnknown.
- Adds tests for both the happy and sad cases.

R=nigeltao
CC=golang-dev
https://golang.org/cl/4956077
2011-09-12 16:37:03 -07:00
Mike Samuel
80a5ddbdb1 exp/template/html: fix bug /*/ is not a full JS block comment.
Similar tests for CSS already catch this problem in tCSS.

R=nigeltao
CC=golang-dev
https://golang.org/cl/4967065
2011-09-12 16:01:30 -07:00
Russ Cox
3b189d8f9c crypto/tls: handle non-TLS more robustly
Fixes #2253.

R=agl
CC=golang-dev
https://golang.org/cl/4960066
2011-09-12 16:52:49 -04:00
Russ Cox
9fc687392c gc: clean up if grammar
Fixes #2248.

R=ken2
CC=golang-dev
https://golang.org/cl/4978064
2011-09-12 15:52:29 -04:00
Russ Cox
48e9c771a1 gofmt: accept program fragments on standard input
This makes it possible to grab a block of code
in an editor and pipe it through gofmt, instead of
having to pipe in the entire file.

R=gri
CC=golang-dev
https://golang.org/cl/4973074
2011-09-12 15:41:49 -04:00
Robert Griesemer
7944bbf2d2 godoc, suffixarray: switch to exp/regexp
R=rsc
CC=golang-dev
https://golang.org/cl/4983058
2011-09-12 12:20:48 -07:00
Gustavo Niemeyer
817da66576 path/filepath: fix Visitor doc
The path is not in fact relative to the root, but
joined to it.

R=golang-dev, adg, rsc, gustavo
CC=golang-dev
https://golang.org/cl/4977059
2011-09-12 16:18:48 -03:00
Rob Pike
7d43b84282 time: make Weekday a method.
Weekday is redundant information for a Time structure.
When parsing a time with a weekday specified, it can create an
incorrect Time value.
When parsing a time without a weekday specified, people
expect the weekday to be set.
Fix all three problems by computing the weekday on demand.

This is hard to gofix, since we must change the type of the node.
Since uses are rare and existing code will be caught by the compiler,
there is no gofix module here.

Fixes #2245.

R=golang-dev, bradfitz, rsc
CC=golang-dev
https://golang.org/cl/4974077
2011-09-12 11:47:55 -07:00
Russ Cox
9c6265d339 exp/regexp/syntax: fix invalid input parser crash
Reported by Kyle Lemons.

R=r
CC=golang-dev
https://golang.org/cl/4992045
2011-09-12 14:03:53 -04:00
Tarmigan Casebolt
73fd9e7d93 websocket: Fix infinite recursion in WebSockAddr String()
String() is already inherited from the embedded *url.URL

R=ukai, adg, rsc
CC=golang-dev
https://golang.org/cl/4992049
2011-09-12 13:48:56 -04:00
Marcel van Lohuizen
3e42de29c9 exp/norm: fixed typo. Bug exposed by gomake testtables. Changes did not affect other tests
as this part of Hangul is handled algorithmically.

R=r
CC=golang-dev
https://golang.org/cl/4951074
2011-09-12 10:21:35 +02:00
Nigel Tao
b2b3187f5e exp/template/html: fix JS regexp escape of an empty string.
R=dsymonds
CC=golang-dev, mikesamuel
https://golang.org/cl/4972063
2011-09-12 11:57:34 +10:00
Nigel Tao
a5d0b7ee3e image/png: don't use a goroutine to decode. This was preventing
decoding during an init function.

Fixes #2224.

R=rsc
CC=golang-dev
https://golang.org/cl/4964070
2011-09-10 09:51:13 +10:00
Andrew Gerrand
3bc2d0f20b doc: link to notable blog posts
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/4996041
2011-09-10 09:35:25 +10:00
Luuk van Dijk
ac1b9545e3 ld: grow dwarf includestack on demand.
Fixes #2241
while not breaking issue 1878 again.

R=rsc
CC=golang-dev
https://golang.org/cl/4988048
2011-09-09 15:08:57 +02:00
Yasuhiro Matsumoto
3301e5a4f5 path/filepath: make UNC file names work
Fixes #2201

R=golang-dev, r, rsc, alex.brainman, robert.hencke, jp
CC=golang-dev
https://golang.org/cl/4950051
2011-09-09 17:38:29 +10:00
Mike Samuel
1f13423d3e exp/template/html: Grammar rules for HTML comments and special tags.
Augments type context and adds grammatical rules to handle special HTML constructs:
    <!-- comments -->
    <script>raw text</script>
    <textarea>no tags here</textarea>

This CL does not elide comment content.  I recommend we do that but
have not done it in this CL.

I used a codesearch tool over a codebase in another template language.

Based on the below I think we should definitely recognize
  <script>, <style>, <textarea>, and <title>
as each of these appears frequently enough that there are few
template-using apps that do not use most of them.

Of the other special tags,
  <xmp>, <noscript>
are used but infrequently, and
  <noframe> and friend, <listing>
do not appear at all.

We could support <xmp> even though it is obsolete in HTML5
because we already have the machinery, but I suggest we do not
support noscript since it is a normal tag in some browser
configurations.

I suggest recognizing and eliding <!-- comments -->
(but not escaping text spans) as they are widely used to
embed comments in template source.  Not eliding them increases
the size of content sent over the network, and risks leaking
code and project internal details.
The template language I tested elides them so there are
no instances of IE conditional compilation directives in the
codebase but that could be a source of confusion.

The codesearch does the equivalent of
$ find . -name \*.file-extension \
  | perl -ne 'print "\L$1\n" while s@<([a-z][a-z0-9]*)@@i' \
  | sort | uniq -c | sort -rn

The 5 uses of <plaintext> seem to be in tricky code and can be ignored.
The 2 uses of <xmp> appear in the same tricky code and can be ignored.
I also ignored end tags to avoid biasing against unary
elements and threw out some nonsense names since the
long tail is dominated by uses of < as a comparison operator
in the template language's expression language.

I have added asterisks next to abnormal elements.

  26765 div
   7432 span
   7414 td
   4233 a
   3730 tr
   3238 input
   2102 br
   1756 li
   1755 img
   1674 table
   1388 p
   1311 th
   1064 option
    992 b
    891 label
    714 script *
    519 ul
    446 tbody
    412 button
    381 form
    377 h2
    358 select
    353 strong
    318 h3
    314 body
    303 html
    266 link
    262 textarea *
    261 head
    258 meta
    225 title *
    189 h1
    176 col
    156 style *
    151 hr
    119 iframe
    103 h4
    101 pre
    100 dt
     98 thead
     90 dd
     83 map
     80 i
     69 object
     66 ol
     65 em
     60 param
     60 font
     57 fieldset
     51 string
     51 field
     51 center
     44 bidi
     37 kbd
     35 legend
     30 nobr
     29 dl
     28 var
     26 small
     21 cite
     21 base
     20 embed
     19 colgroup
     12 u
     12 canvas
     10 sup
     10 rect
     10 optgroup
     10 noscript *
      9 wbr
      9 blockquote
      8 tfoot
      8 code
      8 caption
      8 abbr
      7 msg
      6 tt
      6 text
      6 h5
      5 svg
      5 plaintext *
      5 article
      4 shortquote
      4 number
      4 menu
      4 ins
      3 progress
      3 header
      3 content
      3 bool
      3 audio
      3 attribute
      3 acronym
      2 xmp *
      2 overwrite
      2 objects
      2 nobreak
      2 metadata
      2 description
      2 datasource
      2 category
      2 action

R=nigeltao
CC=golang-dev
https://golang.org/cl/4964045
2011-09-09 00:07:40 -07:00