Gunosy.go #5 hash, html

(VOPTZHP IBTI IUNM ࠇ઒༸

IBTIύοέʔδ w IUUQHPMBOHKQQLHIBTI w ϋογϡ஋ͷܭࢉΛߦ͏ w վ᜵ݕग़ νΣοΫαϜ ʹར༻͢Δ w
ൺֱ΍ݕࡧ ϋογϡςʔϒϧɺॏෳݕग़ͳͲ ʹར༻͢ΔFUD w )BTI)BTIΠϯλʔϑΣʔε w JP8SJUFSΠϯλʔϑΣʔεΛFNCFE͍ͯ͠Δ w 4VN <>CZUF <>CZUF  ༩͑ΒΕͨόΠτྻʹݱࡏͷϋογϡ஋Λ଍ͨ͠΋ͷΛฦ͢ w 3FTFU   ݱࡏͷϋογϡ஋Λॳظ஋ʹϦηοτ͢Δ w 4J[F   ݱࡏͷϋογϡ஋ͷCZUF਺ w #MPDL4J[F   ϒϩοΫαΠζɻ͜ͷ஋ͷ੔਺ഒͩͱॻ͖ࠐΈ͕ޮ཰తʹͳΔΒ͍͠ w 4VN PS4VN   Ϗοτ΋͘͠͸Ϗοτͷϋογϡ஋Λฦ͢ w DSDDSDBEMFSGOW

ϋογϡ஋ͷܭࢉ w 8SJUFͰॻ͖ࠐΜͰ͍ͬͯ࠷ޙʹ4VN ΋͘͠͸4VNΛݺ΂ ͹ྑ͍ w ॳΊ͔Βσʔλ͕༩͑ΒΕ͍ͯΔ৔߹͸$IFDLTVN ΛݺΜͰ΋ྑ͍ w IUUQQMBZHPMBOHPSHQ6EQ@@TIS8H
d := []byte("Hello, playground") h := adler32.New() h.Write(d) fmt.Println(h.Sum32()) fmt.Println(adler32.Checksum(d)) 939132550 939132550

ϋογϡ஋Λ<>CZUFͰཉ͍͠ͱ͖ w σʔλΛॻ͖ࠐΜͰɺ࠷ޙʹϋογϡ஋Λॻ͖ࠐΈ͍ͨͱ͖ ͸ɺ4VN Λ࢖͏ w 4VN ͸ϋογϡ஋͸มߋ͠ͳ͍ w IUUQQMBZHPMBOHPSHQ*N'T94C/S
d := []byte("Hello, playground") h := crc32.NewIEEE() h.Write(d) fmt.Println(d) fmt.Println(h.Sum(d)) [72 101 108 108 111 44 32 112 108 97 121 103 114 111 117 110 100] [72 101 108 108 111 44 32 112 108 97 121 103 114 111 117 110 100 29 244 143 190]

IUNMύοέʔδ w )5.-ͷΤεέʔϓΞϯΤεέʔϓΛߦ͏ύοέʔδ w &TDBQF4USJOH TUSJOH TUSJOH w 6OFTDBQF4USJOH TUSJOH
TUSJOH w 6OFTDBQF4USJOH &TDBQF4USJOH T T͸ৗʹUSVF͕ͩɺٯ͸ਅͳΒͣ w IUUQQMBZHPMBOHPSHQ,+"[KO7O fmt.Println("'>' is escaped as", html.EscapeString(">")) acc_a := "á and á is the same character" fmt.Println(html.UnescapeString(acc_a)) '>' is escaped as > á and á is the same character

IUNMUFNQMBUFύοέʔδ w جຊతʹUFYUUFNQMBUFͱಉ͡ w )5.-ηʔϑͳͷͰɺग़ྗ͕)5.-ͷͱ͖͸ͪ͜ΒΛ࢖͏ͱ944ͳͲͷ৺഑͕গͳ͍ w IUUQQMBZHPMBOHPSHQ%7:K1-8@; import "text/template"
... t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`) err = t.ExecuteTemplate(out, "T", "<script>alert('you have been pwned')</ script>") Hello, <script>alert('you have been pwned')</script>! import "html/template" ... t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`) err = t.ExecuteTemplate(out, "T", "<script>alert('you have been pwned')</ script>") Hello, <script>alert('you have been pwned')</script>! <UFYUUFNQMBUFͷ৔߹> <IUNMUFNQMBUFͷ৔߹>

ίϯςΩετ w )5.-தʹ͸)5.-λάҎ֎ʹ΋63-΍+BWB4DSJQUͳͲ͕͋Δ  ˠͦΕͧΕɺΤεέʔϓํ๏͕ҟͳΔ w IUNMUFNQMBUF͸ίϯςΩετʹԠͯ͡ద੾ͳΤεέʔϓΛߦ͏ w IUUQQMBZHPMBOHPSHQ-#Y+6E&8U Context
{{.}} After {{.}} O'Reilly: How are <i>you</ i>? <a title='{{.}}'> O'Reilly: How are you? <a href="/{{.}}"> O'Reilly: How are %3ci%3eyou%3c/i %3e? <a href="?q={{.}}"> O'Reilly%3a%20How%20are%3ci%3e... %3f <a onx='f("{{.}}")'> O\x27Reilly: How are \x3ci\x3eyou...? <a onx='f({{.}})'> "O\x27Reilly: How are \x3ci \x3eyou...?" <a onx='pattern = /{{.}}/;'> O\x27Reilly: How are \x3ci\x3eyou... \x3f O’Reilly: How are <i>you</i>?

+BWB4DSJQUΦϒδΣΫτ w +BWB4DSJQUίϯςΩετͳΒTUSJOHҎ֎ͷΦϒδΣΫτΛ౉ͤ Δ w IUUQQMBZHPMBOHPSHQI2PB;,$R5 t, err :=
template.New("foo").Parse(`<script>var pair = {{.}};</ script>`) if err != nil { panic(err) } err = t.Execute(os.Stdout, struct{ A, B string }{"foo", "bar"}) <script>var pair = {"A":"foo","B":"bar"};</script>

Τεέʔϓ͞Εͨ͘ͳ͍ͱ͖ w λΠϓΛࢦఆ͢Δ w )5.- +4 63- w IUUQQMBZHPMBOHPSHQC2+N.
t, err := template.New("foo").Parse(`Hello, {{.}}!`) if err != nil { panic(err) } err = t.Execute(os.Stdout, template.HTML(`<b>World</b>`)) Hello, <b>World</b>!

Gunosy.go #5 hash, html

Gunosy.go #5 hash, html

Hiroshi Kurokawa

More Decks by Hiroshi Kurokawa

Other Decks in Technology

Featured

Transcript

(VOPTZHP IBTI IUNM ࠇ઒༸

IBTIύοέʔδ w IUUQHPMBOHKQQLHIBTI w ϋογϡ஋ͷܭࢉΛߦ͏ w վ᜵ݕग़ νΣοΫαϜ ʹར༻͢Δ w

ϋογϡ஋ͷܭࢉ w 8SJUFͰॻ͖ࠐΜͰ͍ͬͯ࠷ޙʹ4VN ΋͘͠͸4VNΛݺ΂ ͹ྑ͍ w ॳΊ͔Βσʔλ͕༩͑ΒΕ͍ͯΔ৔߹͸$IFDLTVN ΛݺΜͰ΋ྑ͍ w IUUQQMBZHPMBOHPSHQ6EQ@@TIS8H

ϋογϡ஋Λ<>CZUFͰཉ͍͠ͱ͖ w σʔλΛॻ͖ࠐΜͰɺ࠷ޙʹϋογϡ஋Λॻ͖ࠐΈ͍ͨͱ͖ ͸ɺ4VN Λ࢖͏ w 4VN ͸ϋογϡ஋͸มߋ͠ͳ͍ w IUUQQMBZHPMBOHPSHQ*N'T94C/S

IUNMύοέʔδ w )5.-ͷΤεέʔϓΞϯΤεέʔϓΛߦ͏ύοέʔδ w &TDBQF4USJOH TUSJOH TUSJOH w 6OFTDBQF4USJOH TUSJOH

IUNMUFNQMBUFύοέʔδ w جຊతʹUFYUUFNQMBUFͱಉ͡ w )5.-ηʔϑͳͷͰɺग़ྗ͕)5.-ͷͱ͖͸ͪ͜ΒΛ࢖͏ͱ944ͳͲͷ৺഑͕গͳ͍ w IUUQQMBZHPMBOHPSHQ%7:K1-8@; import "text/template"

ίϯςΩετ w )5.-தʹ͸)5.-λάҎ֎ʹ΋63-΍+BWB4DSJQUͳͲ͕͋Δ  ˠͦΕͧΕɺΤεέʔϓํ๏͕ҟͳΔ w IUNMUFNQMBUF͸ίϯςΩετʹԠͯ͡ద੾ͳΤεέʔϓΛߦ͏ w IUUQQMBZHPMBOHPSHQ-#Y+6E&8U Context

+BWB4DSJQUΦϒδΣΫτ w +BWB4DSJQUίϯςΩετͳΒTUSJOHҎ֎ͷΦϒδΣΫτΛ౉ͤ Δ w IUUQQMBZHPMBOHPSHQI2PB;,$R5 t, err :=

Τεέʔϓ͞Εͨ͘ͳ͍ͱ͖ w λΠϓΛࢦఆ͢Δ w )5.- +4 63- w IUUQQMBZHPMBOHPSHQC2+N.