Skip to content

Commit

Permalink
[release-branch.go1.20] html/template,mime/multipart: document new GO…
Browse files Browse the repository at this point in the history 
…DEBUG settings

This change documents the new GODEBUG settings introduced for
html/template and mime/multipart, released with Go 1.19.8 and Go 1.20.3
as part of a security fix.

Updates golang#59153.
For golang#59270.
Updates golang#59234.
For golang#59272.

Change-Id: I25f4d8245da3301dccccfb44da8ff1a5985392a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/482555
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
  • Loading branch information
@mknyszek @bradfitz
mknyszek authored and bradfitz committed May 25, 2023
1 parent ddff070 commit a5bc970
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/html/template/doc.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,5 +231,12 @@ Least Surprise Property:
"A developer (or code reviewer) familiar with HTML, CSS, and JavaScript, who
knows that contextual autoescaping happens should be able to look at a {{.}}
and correctly infer what sanitization happens."
As a consequence of the Least Surprise Property, template actions within an
ECMAScript 6 template literal are disabled by default.
Handling string interpolation within these literals is rather complex resulting
in no clear safe way to support it.
To re-enable template actions within ECMAScript 6 template literals, use the
GODEBUG=jstmpllitinterp=1 environment variable.
*/
package template
15 changes: 15 additions & 0 deletions src/mime/multipart/multipart.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,21 @@ Package multipart implements MIME multipart parsing, as defined in RFC
The implementation is sufficient for HTTP (RFC 2388) and the multipart
bodies generated by popular browsers.
# Limits
To protect against malicious inputs, this package sets limits on the size
of the MIME data it processes.
Reader.NextPart and Reader.NextRawPart limit the number of headers in a
part to 10000 and Reader.ReadForm limits the total number of headers in all
FileHeaders to 10000.
These limits may be adjusted with the GODEBUG=multipartmaxheaders=<values>
setting.
Reader.ReadForm further limits the number of parts in a form to 1000.
This limit may be adjusted with the GODEBUG=multipartmaxparts=<value>
setting.
*/
package multipart

Expand Down

0 comments on commit a5bc970

Please sign in to comment.