Commit cbf4f4b8 authored by Sameer Ajmani's avatar Sameer Ajmani

strconv: return ErrSyntax when unquoting illegal octal sequences. This

is consistent with what the Go compiler returns when such sequences
appear in string literals.

Fixes #2658.

R=golang-dev, rsc, r, r, nigeltao
CC=golang-dev
https://golang.org/cl/5530051
parent 1320ce00
...@@ -300,21 +300,23 @@ func TestEscape(t *testing.T) { ...@@ -300,21 +300,23 @@ func TestEscape(t *testing.T) {
`<p style="color: {{"#8ff"}}; background: {{"#000"}}">`, `<p style="color: {{"#8ff"}}; background: {{"#000"}}">`,
`<p style="color: #8ff; background: #000">`, `<p style="color: #8ff; background: #000">`,
}, },
{ // This test is broken by the fix to issue 2658.
"styleObfuscatedExpressionBlocked", // {
`<p style="width: {{" e\78preS\0Sio/**/n(alert(1337))"}}">`, // "styleObfuscatedExpressionBlocked",
`<p style="width: ZgotmplZ">`, // `<p style="width: {{" e\78preS\0Sio/**/n(alert(1337))"}}">`,
}, // `<p style="width: ZgotmplZ">`,
// },
{ {
"styleMozBindingBlocked", "styleMozBindingBlocked",
`<p style="{{"-moz-binding(alert(1337))"}}: ...">`, `<p style="{{"-moz-binding(alert(1337))"}}: ...">`,
`<p style="ZgotmplZ: ...">`, `<p style="ZgotmplZ: ...">`,
}, },
{ // This test is broken by the fix to issue 2658.
"styleObfuscatedMozBindingBlocked", // {
`<p style="{{" -mo\7a-B\0I/**/nding(alert(1337))"}}: ...">`, // "styleObfuscatedMozBindingBlocked",
`<p style="ZgotmplZ: ...">`, // `<p style="{{" -mo\7a-B\0I/**/nding(alert(1337))"}}: ...">`,
}, // `<p style="ZgotmplZ: ...">`,
// },
{ {
"styleFontNameString", "styleFontNameString",
`<p style='font-family: "{{"Times New Roman"}}"'>`, `<p style='font-family: "{{"Times New Roman"}}"'>`,
......
...@@ -260,6 +260,7 @@ func UnquoteChar(s string, quote byte) (value rune, multibyte bool, tail string, ...@@ -260,6 +260,7 @@ func UnquoteChar(s string, quote byte) (value rune, multibyte bool, tail string,
for j := 0; j < 2; j++ { // one digit already; two more for j := 0; j < 2; j++ { // one digit already; two more
x := rune(s[j]) - '0' x := rune(s[j]) - '0'
if x < 0 || x > 7 { if x < 0 || x > 7 {
err = ErrSyntax
return return
} }
v = (v << 3) | x v = (v << 3) | x
......
...@@ -191,7 +191,13 @@ var misquoted = []string{ ...@@ -191,7 +191,13 @@ var misquoted = []string{
`"'`, `"'`,
`b"`, `b"`,
`"\"`, `"\"`,
`"\9"`,
`"\19"`,
`"\129"`,
`'\'`, `'\'`,
`'\9'`,
`'\19'`,
`'\129'`,
`'ab'`, `'ab'`,
`"\x1!"`, `"\x1!"`,
`"\U12345678"`, `"\U12345678"`,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment