golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

html/template: improper handling of special tags within script contexts (CVE-2023-39319) #62197

Closed rolandshoemaker closed 10 months ago

rolandshoemaker commented 10 months ago

The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in
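The three sequences named in the report can be found and neutralised in a JS literal with the escaping the HTML Standard recommends for script element contents (writing the leading "<" as `\x3C`). The following is an added example, not code from the issue or from html/template; the function names and the sample literal are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// The three sequences named in the issue, lower-cased for matching.
var specialTags = []string{"<!--", "<script", "</script"}

// startsSpecialTag reports whether s begins with one of the sequences, ignoring
// ASCII case. A non-ASCII rune in the prefix can never lower-case to the tag.
func startsSpecialTag(s string) bool {
	for _, tag := range specialTags {
		if len(s) >= len(tag) && strings.ToLower(s[:len(tag)]) == tag {
			return true
		}
	}
	return false
}

// FindSpecialTags returns the byte offset of every "<" that opens a special sequence.
func FindSpecialTags(js string) []int {
	var offs []int
	for i := 0; i < len(js); i++ {
		if js[i] == '<' && startsSpecialTag(js[i:]) {
			offs = append(offs, i)
		}
	}
	return offs
}

// EscapeSpecialTags rewrites the "<" of each special sequence as \x3C, which a
// JS string literal decodes back to "<". Any other "<" is left untouched.
func EscapeSpecialTags(lit string) string {
	var b strings.Builder
	prev := 0
	for _, o := range FindSpecialTags(lit) {
		b.WriteString(lit[prev:o] + `\x3C`)
		prev = o + 1
	}
	return b.String() + lit[prev:]
}

func main() {
	lit := `<!-- <SCRIPT>x</Script> a < b` // constructed sample literal body
	fmt.Println(FindSpecialTags(lit), EscapeSpecialTags(lit))
}
```

Run over the body of each string literal destined for a script element, `FindSpecialTags` flags values that need attention and `EscapeSpecialTags` produces a form in which the HTML tokenizer no longer sees any of the three sequences.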