Skip to content

x/website/internal/web: code examples render with double-escaped HTML #46839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
networkimprov opened this issue Jun 20, 2021 · 2 comments
Closed

x/website/internal/web: code examples render with double-escaped HTML #46839

networkimprov opened this issue Jun 20, 2021 · 2 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unreleased

Comments

@networkimprov
Copy link

I'm running the latest Firefox & Chrome on Windows.

The HTML for examples are mangled on at least this page:
https://golang.org/pkg/crypto/rsa/#example_DecryptOAEP

For instance:

ciphertext, _ := hex.DecodeString("4d1ee10e8f286390258c51a5e80802844c3e6358ad6690b7285218a7c7ed7fc3a4c7b950fbd04d4b0239cc060dcc7065ca6f84c1756deb71ca5685cadbb82be025e16449b905c568a19c088a1abfad54bf7ecc67a7df39943ec511091a34c0f2348d04e058fcff4d55644de3cd1d580791d4524b92f3e91695582e6e340a1c50b6c6d78e80b4e42c5b4d45e479b492de42bbd39cc642ebb80226bb5200020d501b24a37bcc2ec7f34e596b4fd6b063de4858dbf5a4e3dd18e262eda0ec2d19dbd8e890d672b63d368768360b20c0b6b8592a438fa275e5fa7f60bef0dd39673fd3989cc54d2cb80c08fcd19dacbc265ee1c6014616b0e04ea0328c2a04e73460")
label := []byte("orders")

<span class="comment">// crypto/rand.Reader is a good source of entropy for blinding the RSA</span>
<span class="comment">// operation.</span>
rng := rand.Reader

plaintext, err := DecryptOAEP(sha256.New(), rng, test2048Key, ciphertext, label)
if err != nil {
    fmt.Fprintf(os.Stderr, &#34;Error from decryption: %s\n&#34;, err)
    return
}

fmt.Printf(&#34;Plaintext: %s\n&#34;, string(plaintext))

<span class="comment">// Remember that encryption only provides confidentiality. The</span>
<span class="comment">// ciphertext should be signed before authenticity is assumed and, even</span>
<span class="comment">// then, consider that messages might be reordered.</span>
@seankhliao seankhliao changed the title godoc: Examples have mangled html x/website: Examples have mangled html Jun 20, 2021
@gopherbot gopherbot added this to the Unreleased milestone Jun 20, 2021
@seankhliao seankhliao added the NeedsFix The path to resolution is known, but the work has not been done. label Jun 20, 2021
@networkimprov
Copy link
Author

cc @dmitshur @agnivade

CarsonHoffman added a commit to CarsonHoffman/website that referenced this issue Jul 5, 2021
@CarsonHoffman
internal/web: stop double-escaping of code in non-playground examples
0535352 
4c9e549 introduced an issue causing non-playground
code examples to be double-escaped, causing HTML escape sequences and elements
to appear in the code, such as the examples in crypto/rsa, as reported in golang/go#46839.
This change treats the code as `template.HTML` rather than `string` after running
through (*Page).Node (which formats the code as HTML) and doing some basic transformations,
preventing this double-escaping from occurring.

Fixes golang/go#46839
CarsonHoffman added a commit to CarsonHoffman/website that referenced this issue Jul 5, 2021
@CarsonHoffman
internal/web: stop double-escaping of code in non-playground examples
e5adf7c 
4c9e549 introduced an issue causing non-playground
code examples to be double-escaped, causing HTML escape sequences and elements
to appear in the code, such as the examples in crypto/rsa, as reported in golang/go#46839.
This change treats the code as `template.HTML` rather than `string` after running
through `(*Page).Node` (which formats the code as HTML) and doing some basic transformations,
preventing this double-escaping from occurring.

Fixes golang/go#46839
@CarsonHoffman CarsonHoffman mentioned this issue Jul 5, 2021
Closed
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/332889 mentions this issue: internal/web: stop double-escaping of code in non-playground examples

@dmitshur dmitshur changed the title x/website: Examples have mangled html x/website/internal/web: code examples render with double-escaped HTML Jul 15, 2021
@golang golang locked and limited conversation to collaborators Jul 19, 2022
MK825 added a commit to MK825/website that referenced this issue Oct 18, 2022
@MK825
internal/web: stop double-escaping of code in non-playground examples
25b2d47 
CL 317655 introduced an issue causing non-playground code examples
to be double-escaped, causing HTML escape sequences and elements
to appear in the code, such as the examples in crypto/rsa,
as reported in golang/go#46839. This change treats the code as
template.HTML rather than string after running through (*Page).Node
(which formats the code as HTML) and doing some basic transformations,
preventing this double-escaping from occurring.

Fixes golang/go#46839

Change-Id: Id226147eb51219bd5e2db61e959519258e39a298
GitHub-Last-Rev: 81f8dc5e878cd283f7d5865e73d214135838549b
GitHub-Pull-Request: golang/website#73
Reviewed-on: https://go-review.googlesource.com/c/website/+/332889
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cherry Mui <cherryyz@google.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Unreleased
Development

Successfully merging a pull request may close this issue.

internal/web: stop double-escaping of code in non-playground examples CarsonHoffman/website
3 participants
@networkimprov @gopherbot @seankhliao