You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We mention that text/template won't save you from XSS, but the documentation explicitly states that it is unsafe for handling user input. We should clarify that the threat model for text/template does not handle user input, and that html/template is only safe iff passed user data as parameters (e.g. we need to avoid Template Injection)
The text was updated successfully, but these errors were encountered:
We mention that
text/template
won't save you from XSS, but the documentation explicitly states that it is unsafe for handling user input. We should clarify that the threat model fortext/template
does not handle user input, and thathtml/template
is only safe iff passed user data as parameters (e.g. we need to avoid Template Injection)The text was updated successfully, but these errors were encountered: