golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) [1.21 backport] #62396

Closed gopherbot closed 10 months ago

gopherbot commented 10 months ago

The html/template package did not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in script contexts.
