diff options
-rw-r--r-- | src/pkg/html/template/content.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pkg/html/template/content.go b/src/pkg/html/template/content.go index c1bd2e4949..42ea7930f0 100644 --- a/src/pkg/html/template/content.go +++ b/src/pkg/html/template/content.go @@ -47,7 +47,7 @@ type ( // JSStr("foo\\nbar") is fine, but JSStr("foo\\\nbar") is not. JSStr string - // URL encapsulates a known safe URL as defined in RFC 3896. + // URL encapsulates a known safe URL or URL substring (see RFC 3986). // A URL like `javascript:checkThatFormNotEditedBeforeLeavingPage()` // from a trusted source should go in the page, but by default dynamic // `javascript:` URLs are filtered out since they are a frequently |