From b004b4dae983b31dda50500fc12a1455afd337f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Mar 2023 08:16:14 +0000 Subject: [chore]: Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#1593) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- vendor/golang.org/x/net/html/doc.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'vendor/golang.org/x/net/html/doc.go') diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go index 822ed42a0..7a96eae33 100644 --- a/vendor/golang.org/x/net/html/doc.go +++ b/vendor/golang.org/x/net/html/doc.go @@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order: The relevant specifications include: https://html.spec.whatwg.org/multipage/syntax.html and https://html.spec.whatwg.org/multipage/syntax.html#tokenization + +# Security Considerations + +Care should be taken when parsing and interpreting HTML, whether full documents +or fragments, within the framework of the HTML specification, especially with +regard to untrusted inputs. + +This package provides both a tokenizer and a parser. Only the parser constructs +a DOM according to the HTML specification, resolving malformed and misplaced +tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, +and as such does not resolve issues that may exist in the processed HTML, +producing a literal interpretation of the input. + +If your use case requires semantically well-formed HTML, as defined by the +WHATWG specifiction, the parser should be used rather than the tokenizer. */ package html // import "golang.org/x/net/html" -- cgit v1.2.3