summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/net/html/doc.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/net/html/doc.go')
-rw-r--r--vendor/golang.org/x/net/html/doc.go15
1 files changed, 15 insertions, 0 deletions
diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go
index 822ed42a..7a96eae3 100644
--- a/vendor/golang.org/x/net/html/doc.go
+++ b/vendor/golang.org/x/net/html/doc.go
@@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order:
The relevant specifications include:
https://html.spec.whatwg.org/multipage/syntax.html and
https://html.spec.whatwg.org/multipage/syntax.html#tokenization
+
+# Security Considerations
+
+Care should be taken when parsing and interpreting HTML, whether full documents
+or fragments, within the framework of the HTML specification, especially with
+regard to untrusted inputs.
+
+This package provides both a tokenizer and a parser. Only the parser constructs
+a DOM according to the HTML specification, resolving malformed and misplaced
+tags where appropriate. The tokenizer simply tokenizes the HTML presented to it,
+and as such does not resolve issues that may exist in the processed HTML,
+producing a literal interpretation of the input.
+
+If your use case requires semantically well-formed HTML, as defined by the
+WHATWG specifiction, the parser should be used rather than the tokenizer.
*/
package html // import "golang.org/x/net/html"
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-28 01:01:55 +0000