Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
html/template: prevent panic while escaping pipelines
AFAIK, the documentation does not explicitly state whether variables can store a callable entity or not. I believe the current implementation in text/template assumes they cannot though. The call builtin function is supposed to be used for this purpose. Template "{{0|$}}" should generate an error at runtime, instead of a panic. Similarly, template "{{0|(nil)}}" should not generate a panic. This CL aborts the sanitization process for a given pipeline when no identifier can be derived from the selected node. It happens with malformed pipelines. We now have the following errors: {{ 0 | $ }} template: foo:1:10: executing "foo" at <$>: can't give argument to non-function $ {{ 0 | (nil) }} template: foo:1:11: executing "foo" at <nil>: nil is not a command Fixes #11118 Fixes #11356 Change-Id: Idae52f806849f4c9ab7aca1b4bb4b59a74723d0e Reviewed-on: https://go-review.googlesource.com/10823 Reviewed-by: Rob Pike <[email protected]>
- Loading branch information