html/template: prevent panic when escaping actions involving chain nodes

The current escape code panics when an action involves chain nodes. Such nodes can be seen in the following situation: {{ . | AAA.B }} - AAA being a registered function The above expression is actually valid, because AAA could return a map containing a B key. The tests in text/template explicitly demonstrate this case. Fix allIdents to cover also chain nodes. While I was investigating this issue, I realized that the tests introduced in similar CL 9621 were incorrect. Parse errors were caught as expected, but for the wrong reason. Fixed them as well. No changes in text/template code itself. Fixes #10801 Change-Id: Ic9fe43b63669298ca52c3f499e2725dd2bb818a8 Reviewed-on: https://go-review.googlesource.com/10340Reviewed-by: Rob Pike <r@golang.org>

html/template: prevent panic when escaping actions involving chain nodes
The current escape code panics when an action involves chain nodes. Such nodes can be seen in the following situation: {{ . | AAA.B }} - AAA being a registered function The above expression is actually valid, because AAA could return a map containing a B key. The tests in text/template explicitly demonstrate this case. Fix allIdents to cover also chain nodes. While I was investigating this issue, I realized that the tests introduced in similar CL 9621 were incorrect. Parse errors were caught as expected, but for the wrong reason. Fixed them as well. No changes in text/template code itself. Fixes #10801 Change-Id: Ic9fe43b63669298ca52c3f499e2725dd2bb818a8 Reviewed-on: https://go-review.googlesource.com/10340Reviewed-by: Rob Pike <r@golang.org>
f6853369 · Didier Spezia · Rob Pike · ae38ef4c · f6853369 · f6853369
Commit f6853369 authored May 21, 2015 by Didier Spezia Committed by Rob Pike Jun 01, 2015
Showing with 17 additions and 3 deletions

src/html/template/escape.go src/html/template/escape.go +3 -1

src/html/template/escape_test.go src/html/template/escape_test.go +12 -0

src/text/template/parse/parse_test.go src/text/template/parse/parse_test.go +2 -2

No files found.
--- a/src/html/template/escape.go
+++ b/src/html/template/escape.go
@@ -205,13 +205,15 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context {
 }
 // allIdents returns the names of the identifiers under the Ident field of the node,
-// which might be a singleton (Identifier) or a slice (Field).
+// which might be a singleton (Identifier) or a slice (Field or Chain).
 func allIdents(node parse.Node) []string {
 	switch node := node.(type) {
 	case *parse.IdentifierNode:
 		return []string{node.Ident}
 	case *parse.FieldNode:
 		return node.Ident
+	case *parse.ChainNode:
+		return node.Field
 	}
 	panic("unidentified node type in allIdents")
 }

--- a/src/html/template/escape_test.go
+++ b/src/html/template/escape_test.go
@@ -1557,6 +1557,18 @@ func TestEnsurePipelineContains(t *testing.T) {
 			".X | urlquery | html | print 2 | .f 3",
 			[]string{"urlquery", "html"},
 		},
+		{
+			// covering issue 10801
+			"{{.X | js.x }}",
+			".X | js.x | urlquery | html",
+			[]string{"urlquery", "html"},
+		},
+		{
+			// covering issue 10801
+			"{{.X | (print 12 | js).x }}",
+			".X | (print 12 | js).x | urlquery | html",
+			[]string{"urlquery", "html"},
+		},
 	}
 	for i, test := range tests {
 		tmpl := template.Must(template.New("test").Parse(test.input))

--- a/src/text/template/parse/parse_test.go
+++ b/src/text/template/parse/parse_test.go
@@ -272,8 +272,8 @@ var parseTests = []parseTest{
 	// Wrong pipeline
 	{"wrong pipeline dot", "{{12|.}}", hasError, ""},
 	{"wrong pipeline number", "{{.|12|printf}}", hasError, ""},
-	{"wrong pipeline string", "{{.|print|\"error\"}}", hasError, ""},
+	{"wrong pipeline string", "{{.|printf|\"error\"}}", hasError, ""},
-	{"wrong pipeline char", "{{12|print|html|'e'}}", hasError, ""},
+	{"wrong pipeline char", "{{12|printf|'e'}}", hasError, ""},
 	{"wrong pipeline boolean", "{{.|true}}", hasError, ""},
 	{"wrong pipeline nil", "{{'c'|nil}}", hasError, ""},
 	{"empty pipeline", `{{printf "%d" ( ) }}`, hasError, ""},