Issue 101670044: code review 101670044: net/rpc: use html/template to render html

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 101670044: code review 101670044: net/rpc: use html/template to render html (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
11 years, 5 months ago by josharian

Modified:
11 years, 5 months ago

Reviewers:
r, gobot, minux

CC:
golang-codereviews, r

Visibility:
Public.

Description

net/rpc: use html/template to render html Found using the vet check in CL 106370045.

Patch Set 1 #

Patch Set 2 : diff -r 3a3269902fa7 https://code.google.com/p/go #

Patch Set 3 : diff -r 3a3269902fa7 https://code.google.com/p/go #

Patch Set 4 : diff -r d23b0ca920ca https://code.google.com/p/go #

Created: 11 years, 5 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1 line, -1 line)			Patch
	M	src/pkg/net/rpc/debug.go	View	1	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 7

Expand All Messages | Collapse All Messages

josharian

Hello golang-codereviews@googlegroups.com, I'd like you to review this change to https://code.google.com/p/go

11 years, 5 months ago (2014-07-03 23:37:25 UTC) #1

josharian

*** Submitted as https://code.google.com/p/go/source/detail?r=49a6cbd80cf2 *** net/rpc: use html/template to render html Found using the vet ...

11 years, 5 months ago (2014-07-07 23:57:11 UTC) #3

gobot

This CL appears to have broken the linux-amd64 builder. See http://build.golang.org/log/c680473fc5a9cd360158ad57271398e5c59ee54b

11 years, 5 months ago (2014-07-07 23:59:02 UTC) #4

josharian

> This CL appears to have broken the linux-amd64 builder. > See http://build.golang.org/log/c680473fc5a9cd360158ad57271398e5c59ee54b > > ...

11 years, 5 months ago (2014-07-08 00:03:58 UTC) #5

minux

I think minimizing dependencies is the reason net/rpc was not using html/template.

11 years, 5 months ago (2014-07-08 00:15:49 UTC) #6

josharian

11 years, 5 months ago (2014-07-08 00:26:53 UTC) #7

> I think minimizing dependencies is the reason net/rpc was not using
html/template.

According to go list, the additional dependencies that html/template brings
are:

encoding
encoding/base64
encoding/json
html
unicode/utf16

I think that it is a worthwhile trade-off to be obviously correct and not
be subject to subtle, security-related breakage in the future.

I'll go ahead and send an updated version of this CL. If in light of this
discussion, you/r want to stick with text/template, I'll send a doc-only CL
to add a security reminder to net/rpc.

Expand All Messages | Collapse All Messages