Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

html/template: handling of type attribute in script element is case-sensitive #19965

Closed
stjj89 opened this issue Apr 13, 2017 · 1 comment
Closed

html/template: handling of type attribute in script element is case-sensitive #19965

stjj89 opened this issue Apr 13, 2017 · 1 comment
Labels
FrozenDueToAge

Comments

@stjj89
Copy link
Contributor

stjj89 commented Apr 13, 2017

The following html/template template:

<script type="text/template">{{"Hello"}}!</script>
<script TYPE="text/template">{{"Hello"}}!</script>

produces the output

<script type="text/template">Hello!</script>
<script TYPE="text/template">"Hello"!</script>

Note that the case of the "type" attribute name affects the type of escaping applied to the body of the script element. This goes against the HTML spec, which says that attribute names are case-insensitive.

The source of this bug is in html/template's state machine (see here), where the attribute name found in the template is compared with the string literal "type" without first converting the attribute name to lowercase. However, when the attribute name is used to determine the attribute type, it is converted to lower case.
@gopherbot
Copy link

CL https://golang.org/cl/40650 mentions this issue.

@golang golang locked and limited conversation to collaborators Apr 20, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stjj89 @gopherbot