diff options
| author | Nigel Tao <nigeltao@golang.org> | 2012-04-12 09:35:43 +1000 |
|---|---|---|
| committer | Nigel Tao <nigeltao@golang.org> | 2012-04-12 09:35:43 +1000 |
| commit | ec0b7b7de4cba3934b3433e454f30328f2c39585 (patch) | |
| tree | ca59c83c439c6f77d7cf48b1a084f345b133eae6 | |
| parent | a200931cae0af5950f12da55c349e985f9e1d92e (diff) | |
| download | go-ec0b7b7de4cba3934b3433e454f30328f2c39585.tar.gz go-ec0b7b7de4cba3934b3433e454f30328f2c39585.zip | |
[release-branch.go1] html, exp/html: escape ' and " as ' and ", since IE8 and
««« backport a70135896879
html, exp/html: escape ' and " as ' and ", since IE8 and
below do not support '.
This makes package html consistent with package text/template's
HTMLEscape function.
Fixes #3489.
R=rsc, mikesamuel, dsymonds
CC=golang-dev
https://golang.org/cl/5992071
»»»
| -rw-r--r-- | src/pkg/html/escape.go | 8 | ||||
| -rw-r--r-- | src/pkg/net/http/server.go | 6 | ||||
| -rw-r--r-- | src/pkg/text/template/funcs.go | 2 |
3 files changed, 10 insertions, 6 deletions
diff --git a/src/pkg/html/escape.go b/src/pkg/html/escape.go index fee771a578..24cb7af852 100644 --- a/src/pkg/html/escape.go +++ b/src/pkg/html/escape.go @@ -210,13 +210,15 @@ func escape(w writer, s string) error { case '&': esc = "&" case '\'': - esc = "'" + // "'" is shorter than "'" and apos was not in HTML until HTML5. + esc = "'" case '<': esc = "<" case '>': esc = ">" case '"': - esc = """ + // """ is shorter than """. + esc = """ default: panic("unrecognized escape character") } @@ -231,7 +233,7 @@ func escape(w writer, s string) error { } // EscapeString escapes special characters like "<" to become "<". It -// escapes only five such characters: amp, apos, lt, gt and quot. +// escapes only five such characters: <, >, &, ' and ". // UnescapeString(EscapeString(s)) == s always holds, but the converse isn't // always true. func EscapeString(s string) string { diff --git a/src/pkg/net/http/server.go b/src/pkg/net/http/server.go index 228ac40196..924ffd3481 100644 --- a/src/pkg/net/http/server.go +++ b/src/pkg/net/http/server.go @@ -785,8 +785,10 @@ var htmlReplacer = strings.NewReplacer( "&", "&", "<", "<", ">", ">", - `"`, """, - "'", "'", + // """ is shorter than """. + `"`, """, + // "'" is shorter than "'" and apos was not in HTML until HTML5. + "'", "'", ) func htmlEscape(s string) string { diff --git a/src/pkg/text/template/funcs.go b/src/pkg/text/template/funcs.go index 525179cb49..8fbf0ef50a 100644 --- a/src/pkg/text/template/funcs.go +++ b/src/pkg/text/template/funcs.go @@ -246,7 +246,7 @@ func not(arg interface{}) (truth bool) { var ( htmlQuot = []byte(""") // shorter than """ - htmlApos = []byte("'") // shorter than "'" + htmlApos = []byte("'") // shorter than "'" and apos was not in HTML until HTML5 htmlAmp = []byte("&") htmlLt = []byte("<") htmlGt = []byte(">") |