html/template: improper handling of special tags within script contexts (CVE-2023-39319) [1.20 backport]

golang / go

The Go programming language

https://go.dev

BSD 3-Clause "New" or "Revised" License

121.19k stars 17.37k forks source link

html/template: improper handling of special tags within script contexts (CVE-2023-39319) [1.20 backport] #62397

Closed gopherbot closed 10 months ago

gopherbot commented 10 months ago

The html/template package did not apply the proper rules for handling occurances of "<script", "<!--", and "</script" within JS literals in Githubissues.

Githubissues is a development platform for aggregating issues.