github/golang.net
2
0
Fork 0
mirror of https://github.com/golang/net.git synced 2026-03-31 18:37:08 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
v0.41.0
golang.net/html
History
Roland Shoemaker e1fcd82abb html: properly handle trailing solidus in unquoted attribute value in foreign content 
The parser properly treats tags like <p a=/> as <p a="/">, but the
tokenizer emits the SelfClosingTagToken token incorrectly. When the
parser is used to parse foreign content, this results in an incorrect
DOM.

Thanks to Sean Ng (https://ensy.zip) for reporting this issue.

Fixes golang/go#73070
Fixes CVE-2025-22872

Change-Id: I65c18df6d6244bf943b61e6c7a87895929e78f4f
Reviewed-on: https://go-review.googlesource.com/c/net/+/661256
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
2025-03-27 12:51:24 -07:00
..
atom
html: ensure <search> tag closes <p> and update tests
2025-03-12 15:46:46 -07:00
charset
all: replace deprecated io/ioutil calls
2024-05-21 19:59:00 +00:00
testdata
html: port html5lib tests from html5lib/html5lib-tests
2020-10-29 22:17:08 +00:00
comment_test.go
html: have Render escape comments less often
2023-02-28 08:42:21 +00:00
const.go
html: add comments indicating that these have been removed from the spec
2020-10-10 22:47:23 +00:00
doc.go
html: add Node.{Ancestors,ChildNodes,Descendants}()
2024-10-29 04:13:16 +00:00
doctype.go
html: use strings.EqualFold instead of lowering ourselves
2024-12-18 11:24:30 -08:00
entity_test.go
entity.go
html: gofmt -w -s
2018-05-08 21:14:25 +00:00
escape_test.go
escape.go
html: have Render escape comments less often
2023-02-28 08:42:21 +00:00
example_test.go
html: add Node.{Ancestors,ChildNodes,Descendants}()
2024-10-29 04:13:16 +00:00
foreign.go
html: use strings.EqualFold instead of lowering ourselves
2024-12-18 11:24:30 -08:00
iter_test.go
html: add Node.{Ancestors,ChildNodes,Descendants}()
2024-10-29 04:13:16 +00:00
iter.go
html: add Node.{Ancestors,ChildNodes,Descendants}()
2024-10-29 04:13:16 +00:00
node_test.go
node.go
html: add Node.{Ancestors,ChildNodes,Descendants}()
2024-10-29 04:13:16 +00:00
parse_test.go
html: ensure <search> tag closes <p> and update tests
2025-03-12 15:46:46 -07:00
parse.go
html: ensure <search> tag closes <p> and update tests
2025-03-12 15:46:46 -07:00
render_test.go
html: only render content literally in the HTML namespace
2023-08-01 17:41:59 +00:00
render.go
html: only render content literally in the HTML namespace
2023-08-01 17:41:59 +00:00
token_test.go
html: properly handle trailing solidus in unquoted attribute value in foreign content
2025-03-27 12:51:24 -07:00
token.go
html: properly handle trailing solidus in unquoted attribute value in foreign content
2025-03-27 12:51:24 -07:00