mirror of https://github.com/golang/net.git synced 2026-03-31 10:27:08 +09:00

Go to file

Roland Shoemaker e1fcd82abb html: properly handle trailing solidus in unquoted attribute value in foreign content

The parser properly treats tags like <p a=/> as <p a="/">, but the
tokenizer emits the SelfClosingTagToken token incorrectly. When the
parser is used to parse foreign content, this results in an incorrect
DOM.

Thanks to Sean Ng (https://ensy.zip) for reporting this issue.

Fixes golang/go#73070
Fixes CVE-2025-22872

Change-Id: I65c18df6d6244bf943b61e6c7a87895929e78f4f
Reviewed-on: https://go-review.googlesource.com/c/net/+/661256
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>

2025-03-27 12:51:24 -07:00

bpf

all: replace deprecated io/ioutil calls

2024-05-21 19:59:00 +00:00

context

context: delete lone example

2025-02-18 09:30:11 -08:00

dict

all: fix a few function names on comments

2022-10-12 13:50:44 +00:00

dns/dnsmessage

all: replace deprecated io/ioutil calls

2024-05-21 19:59:00 +00:00

html

html: properly handle trailing solidus in unquoted attribute value in foreign content

2025-03-27 12:51:24 -07:00

http

proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts

2025-03-04 11:00:06 -08:00

http2

http2: improve error when server sends HTTP/1

2025-03-13 05:30:06 -07:00

icmp

all: update go directive to 1.18

2023-10-11 21:58:12 +00:00

idna

all: update go directive to 1.18

2023-10-11 21:58:12 +00:00

internal

internal/http3: fix build of tests with GOEXPERIMENT=nosynctest

2025-03-25 08:01:24 -07:00

ipv4

all: replace deprecated io/ioutil calls

2024-05-21 19:59:00 +00:00

ipv6

all: replace deprecated io/ioutil calls

2024-05-21 19:59:00 +00:00

lif

all: update go directive to 1.18

2023-10-11 21:58:12 +00:00

nettest

all: replace deprecated io/ioutil calls

2024-05-21 19:59:00 +00:00

netutil

all: correct typos in comments

2023-02-07 17:08:46 +00:00

proxy

proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts

2025-03-04 11:00:06 -08:00

publicsuffix

publicsuffix: regenerate table

2025-03-20 16:04:31 -07:00

quic

quic: add Conn.ConnectionState

2025-02-25 10:41:37 -08:00

route

route: fix RTM_GET netmask parsing on Darwin

2025-02-10 12:16:25 -08:00

trace

all: fix some comments

2023-02-08 14:49:55 +00:00

webdav

internal/socket, webdav: use testing.T.TempDir

2025-01-21 14:35:12 -08:00

websocket

websocket: re-recommend gorilla/websocket

2025-03-05 13:52:38 -08:00

xsrftoken

xsrftoken: create no padding base64 string by RawURLEncoding

2024-07-22 18:18:19 +00:00

.gitattributes

net: add .gitattributes (fixes windows build)

2014-12-23 17:05:08 +11:00

.gitignore

gitignore: remove obsolete reference to .hgignore in comment

2020-03-20 18:12:08 +00:00

codereview.cfg

net: add codereview.cfg

2015-03-18 17:04:12 +00:00

CONTRIBUTING.md

CONTRIBUTING.md: remove note about not accepting Pull Requests

2018-03-14 18:02:42 +00:00

go.mod

go.mod: update golang.org/x dependencies

2025-03-05 11:41:12 -08:00

go.sum

go.mod: update golang.org/x dependencies

2025-03-05 11:41:12 -08:00

LICENSE

LICENSE: update per Google Legal

2024-07-16 16:05:10 +00:00

PATENTS

go.net: add PATENTS file to the subrepo.

2012-04-16 11:24:46 +10:00

README.md

README: don't recommend go get

2024-11-01 18:28:29 +00:00

README.md

Go Networking

This repository holds supplementary Go networking packages.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.

The git repository is https://go.googlesource.com/net.

The main issue tracker for the net repository is located at https://go.dev/issues. Prefix your issue with "x/net:" in the subject line, so it is easy to find.