Skip to content

proposal: x/net/html: Option to not add <html><head></head><body> ... </body></head></html> tags #71321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pjebs opened this issue Jan 18, 2025 · 1 comment
Closed

proposal: x/net/html: Option to not add <html><head></head><body> ... </body></head></html> tags #71321

pjebs opened this issue Jan 18, 2025 · 1 comment
Labels
Proposal
Milestone
Proposal

Comments

@pjebs
Copy link
Contributor

pjebs commented Jan 18, 2025

Proposal Details

If I try and parse:

		<strong>
			<!-- comment 1 . -->
			<h1 class="jump">Title with <strong>BOLD</strong></h1>
			<script>
				console.log('sgasdg');
			</script>
			<script>
				console.log('2222');
			</script>
			<!-- commebsdg 2. -->
			<h3 style="text-color:red, width:50px" class="big top" data-good custom="ddd" onclick="alert('dasdg')">Subject</h3>
			<![CDATA[
Within this Character Data block I can
use double dashes as much as I want (along with <, &, ', and ")
*and* %MyParamEntity; will be expanded to the text
"Has been expanded" ... however, I can't use
the CEND sequence. If I need to use CEND I must escape one of the
brackets or the greater-than sign using concatenated CDATA sections.
]]>
		</strong>

using html.Parse.

It adds <html><head> </head><body> ... </body></head></html> tags at the start and the end.
There should be an option to disable adding these tags that don't exist in source html.

func ParseFragment(r io.Reader, context *Node) ([]*Node, error) requires a context which I can't provide.
@pjebs pjebs added the Proposal label Jan 18, 2025
@gopherbot gopherbot added this to the Proposal milestone Jan 18, 2025
@pjebs pjebs changed the title proposal: x/net/html: Option to not add <html><head> </head><body> ... </body></head></html> tags proposal: x/net/html: Option to not add <html><head></head><body> ... </body></head></html> tags Jan 18, 2025
@seankhliao
Copy link
Member

A context is necessary to maintain the proper security properties of x/net/html as processing of html can be dependent on the context it is in.
You can construct an appropriate fake context if necessary.

Closing as infeasible.

@seankhliao seankhliao closed this as not planned Won't fix, can't repro, duplicate, stale Jan 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Proposal
Projects
None yet
Milestone
Proposal
Development

No branches or pull requests
3 participants
@pjebs @gopherbot @seankhliao