Roberto Clapis
With the current implementation of `FakeClock`, updates are lost if more than one is generated at a time. If, for example, one has a ticker that fires every five minutes...
I added a few tests and refactored code to follow styles specified in [go codereview comments](https://github.com/golang/go/wiki/CodeReviewComments). In detail: * Left-aligned "happy path" * Changed nested code in `else` blocks with...
Hello, We have found an issue with this package while fuzzing it. This is the minimal repro case: https://play.golang.org/p/Eea7_GIQJGe
Escaping is intentionally not contextual. As the security section states, the only supported automatic escaping is HTML-based ([link](https://github.com/valyala/quicktemplate#security)). This means that any use of this template that interpolates user-controlled data...
Handlebars currently escapes only based on one function and allows users to specify a custom one, but within a certain template execution it only uses **one** escaping mechanism. This means...
Escaping is not contextual and HTML escaping is used in every context. This might lead newcomers to think that it is safe to interpolate user-controlled data in a page,...
A nice feature of http.Mux is that it can be used as a handler, so users can set up separate parts of an application on separate muxes that share a...
We should have an octet-stream response that just copies from a given Reader. This would consist of adding a new case to the [`DefaultDispatcher`](https://github.com/google/go-safeweb/blob/master/safehttp/default_dispatcher.go#L43) and implementing a new type that...
Assess the need for `safehttp.Map` and potentially remove it.
We should reserve some characters to support path parameters in the future. I propose to reserve `$` as a trigger for path parameters. Examples: * `/users/$id:int/page`: this parses the ID...