code review 6493113: html/template: fix URL doc (issue 6493113)
28 views
Skip to first unread message
r...@golang.org
Sep 12, 2012, 1:37:35 PM9/12/12
to mikes...@gmail.com, golan...@googlegroups.com, re...@codereview-hr.appspotmail.com
Reviewers: MikeSamuel,
Message:
Hello mikes...@gmail.com (cc: golan...@googlegroups.com),
I'd like you to review this change to
https://go.googlecode.com/hg/
Description:
html/template: fix URL doc
This is the easy part of issue 3528.
(What to do about "noescape" is the hard part, left open.)
Update issue 3528.
Please review this at http://codereview.appspot.com/6493113/
Affected files:
M src/pkg/html/template/content.go
Index: src/pkg/html/template/content.go
===================================================================
--- a/src/pkg/html/template/content.go
+++ b/src/pkg/html/template/content.go
@@ -47,7 +47,7 @@
// JSStr("foo\\nbar") is fine, but JSStr("foo\\\nbar") is not.
JSStr string
- // URL encapsulates a known safe URL as defined in RFC 3896.
+ // URL encapsulates a known safe URL as defined in RFC 3896 or a URL
substring.
// A URL like `javascript:checkThatFormNotEditedBeforeLeavingPage()`
// from a trusted source should go in the page, but by default dynamic
// `javascript:` URLs are filtered out since they are a frequently
Message:
Hello mikes...@gmail.com (cc: golan...@googlegroups.com),
I'd like you to review this change to
https://go.googlecode.com/hg/
Description:
html/template: fix URL doc
This is the easy part of issue 3528.
(What to do about "noescape" is the hard part, left open.)
Update issue 3528.
Please review this at http://codereview.appspot.com/6493113/
Affected files:
M src/pkg/html/template/content.go
Index: src/pkg/html/template/content.go
===================================================================
--- a/src/pkg/html/template/content.go
+++ b/src/pkg/html/template/content.go
@@ -47,7 +47,7 @@
// JSStr("foo\\nbar") is fine, but JSStr("foo\\\nbar") is not.
JSStr string
- // URL encapsulates a known safe URL as defined in RFC 3896.
+ // URL encapsulates a known safe URL as defined in RFC 3896 or a URL
substring.
// A URL like `javascript:checkThatFormNotEditedBeforeLeavingPage()`
// from a trusted source should go in the page, but by default dynamic
// `javascript:` URLs are filtered out since they are a frequently
Mike Samuel
Sep 12, 2012, 2:22:08 PM9/12/12
to r...@golang.org, mikes...@gmail.com, golan...@googlegroups.com, re...@codereview-hr.appspotmail.com
r...@golang.org
Sep 12, 2012, 2:49:19 PM9/12/12
to r...@golang.org, mikes...@gmail.com, golan...@googlegroups.com, re...@codereview-hr.appspotmail.com
dsym...@golang.org
Sep 12, 2012, 6:47:56 PM9/12/12
to r...@golang.org, mikes...@gmail.com, r...@golang.org, golan...@googlegroups.com, re...@codereview-hr.appspotmail.com
LGTM
https://codereview.appspot.com/6493113/diff/5001/src/pkg/html/template/content.go
File src/pkg/html/template/content.go (right):
https://codereview.appspot.com/6493113/diff/5001/src/pkg/html/template/content.go#newcode50
src/pkg/html/template/content.go:50: // URL encapsulates a known safe
otherwise this can be parsed as "a URL substring" defining a known safe
URL.
https://codereview.appspot.com/6493113/
https://codereview.appspot.com/6493113/diff/5001/src/pkg/html/template/content.go
File src/pkg/html/template/content.go (right):
https://codereview.appspot.com/6493113/diff/5001/src/pkg/html/template/content.go#newcode50
src/pkg/html/template/content.go:50: // URL encapsulates a known safe
URL as defined in RFC 3896 or a URL substring.
s/ or/,&/
otherwise this can be parsed as "a URL substring" defining a known safe
URL.
https://codereview.appspot.com/6493113/
Russ Cox
Sep 13, 2012, 10:52:49 AM9/13/12
to r...@golang.org, mikes...@gmail.com, r...@golang.org, dsym...@golang.org, golan...@googlegroups.com, re...@codereview-hr.appspotmail.com
> URL as defined in RFC 3896 or a URL substring.
> s/ or/,&/
>
> otherwise this can be parsed as "a URL substring" defining a known safe
> URL.
I used:
> s/ or/,&/
>
> otherwise this can be parsed as "a URL substring" defining a known safe
> URL.
// URL encapsulates a known safe URL or URL substring (see RFC 3986).
r...@golang.org
Sep 13, 2012, 10:54:24 AM9/13/12
to r...@golang.org, mikes...@gmail.com, r...@golang.org, dsym...@golang.org, golan...@googlegroups.com, re...@codereview-hr.appspotmail.com
*** Submitted as
http://code.google.com/p/go/source/detail?r=fead9e11a489 ***
html/template: fix URL doc
This is the easy part of issue 3528.
(What to do about "noescape" is the hard part, left open.)
Update issue 3528.
R=mikesamuel, r, dsymonds
CC=golang-dev
http://codereview.appspot.com/6493113
http://codereview.appspot.com/6493113/
http://code.google.com/p/go/source/detail?r=fead9e11a489 ***
html/template: fix URL doc
This is the easy part of issue 3528.
(What to do about "noescape" is the hard part, left open.)
Update issue 3528.
CC=golang-dev
http://codereview.appspot.com/6493113
http://codereview.appspot.com/6493113/
Reply all
Reply to author
Forward
0 new messages