From f7204d76bc3af681c12e8ed9bfb18c20bf6f8bc1 Mon Sep 17 00:00:00 2001
From: Sean Liao <sean@liao.dev>
Date: Fri, 19 May 2023 20:11:19 +0100
Subject: [PATCH] html/template: example for disallowed script type change

Fixes #59112

Change-Id: I617f8a4581a55a0f134f488462f415ec22eb4ee3
Reviewed-on: https://go-review.googlesource.com/c/go/+/496145
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
---
 src/html/template/error.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/html/template/error.go b/src/html/template/error.go
index 805a788bfc..f85977841e 100644
--- a/src/html/template/error.go
+++ b/src/html/template/error.go
@@ -79,15 +79,18 @@ const (
 	ErrBadHTML
 
 	// ErrBranchEnd: "{{if}} branches end in different contexts"
-	// Example:
+	// Examples:
 	//   {{if .C}}<a href="{{end}}{{.X}}
+	//   <script {{with .T}}type="{{.}}"{{end}}>
 	// Discussion:
 	//   Package html/template statically examines each path through an
 	//   {{if}}, {{range}}, or {{with}} to escape any following pipelines.
-	//   The example is ambiguous since {{.X}} might be an HTML text node,
+	//   The first example is ambiguous since {{.X}} might be an HTML text node,
 	//   or a URL prefix in an HTML attribute. The context of {{.X}} is
 	//   used to figure out how to escape it, but that context depends on
 	//   the run-time value of {{.C}} which is not statically known.
+	//   The second example is ambiguous as the script type attribute
+	//   can change the type of escaping needed for the script contents.
 	//
 	//   The problem is usually something like missing quotes or angle
 	//   brackets, or can be avoided by refactoring to put the two contexts