2 matches found
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
Cross-Site Scripting (XSS)
html/template is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability exists because the package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in...