html/template: improper handling of special tags within script contexts (CVE-2023-39319) [1.21 backport]

golang / go

The Go programming language

https://go.dev

BSD 3-Clause "New" or "Revised" License

123.25k stars 17.57k forks source link

html/template: improper handling of special tags within script contexts (CVE-2023-39319) [1.21 backport] #62398

Closed gopherbot closed 1 year ago

gopherbot commented 1 year ago

The html/template package did not apply the proper rules for handling occurances of "<script", "<!--", and "</script" within JS literals in Githubissues.

Githubissues is a development platform for aggregating issues.