Commit graph

5 commits

Author SHA1 Message Date
Bjørn Erik Pedersen
ee359df172 Fix upstream Go templates bug with reversed key/value assignment
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

This also includes a security fix that now disallows Go template actions in JS literals (inside backticks).

This will throw an error saying "... appears in a JS template literal".

If you're really sure this isn't a security risk in your case, you can revert to the old behaviour:

```toml
[security]
[security.gotemplates]
allowActionJSTmpl = true
```

See https://github.com/golang/go/issues/59234

Fixes #11112
2023-06-15 23:04:33 +02:00
Bjørn Erik Pedersen
f6ab9553f4 tpl/internal: Sync go_templates
Closes #10411
2022-11-14 22:31:50 +01:00
Bjørn Erik Pedersen
65a78cae1e
tpl: Sync go_templates for Go 1.18
Using Go tag go1.18 4aa1efed4853ea067d665a952eee77c52faac774

Updates #9677
2022-03-16 08:54:25 +01:00
Bjørn Erik Pedersen
cf3e077da3 tpl/internal: Synch Go templates fork with Go 1.16dev 2021-02-18 14:11:48 +01:00
Bjørn Erik Pedersen
167c01530b
Create lightweight forks of text/template and html/template
This commit also removes support for Ace and Amber templates.

Updates #6594
2019-12-12 09:59:34 +01:00