html: Sync changes from x/net

Before 324513b (2012-01-04) std "html" and what is now "golang.org/x/net/html" were the same. Ever since then (well, since 4e0749a (2012-05-29)) the escape/unescape code that they share has been drifting apart, each receiving separate improvements. This CL cherry-picks over all of the changes that "x/net/html" has seen. This is the counterpart to https://golang.org/cl/580855, and so also includes the de-duplication requested at https://go-review.googlesource.com/c/net/+/580855/comment/8f8679a3_12b9ead1/ 4e0749a : Author: Andrew Balholm <andybalholm@gmail.com> Date: Wed May 30 15:50:12 2012 +1000 exp/html: Convert \r and \r\n to \n when tokenizing Also escape "\r" as "&#13;" when rendering HTML. Pass 2 additional tests. R=nigeltao CC=golang-dev https://golang.org/cl/6260046 golang/net@3d87fd6 : Author: Dmitry Savintsev <dsavints@gmail.com> Date: Thu Feb 26 23:44:25 2015 +0100 x/net/html: Sync the html parser and atom with the current whatwg spec The current documentation as well as set of atoms and attributes has gotten slightly out of sync with the current state of the WHATWG html5 specification. The change adds and removes several of the atoms and attributes, updates the documentation (such as steps numbering in inBodyEndTagFormatting) and modifies the spec URLs to https:// Change-Id: I6dfa52785858c1521301b20b1e585e19a08b1e98 Reviewed-on: https://go-review.googlesource.com/6173 Reviewed-by: Nigel Tao <nigeltao@golang.org>

Author: LukeShu

src/html/escape.go

@@ -53,10 +53,9 @@ var replacementTable = [...]rune{
 // unescapeEntity reads an entity like "<" from b[src:] and writes the
 // corresponding "<" to b[dst:], returning the incremented dst and src cursors.
 // Precondition: b[src] == '&' && dst <= src.
-func unescapeEntity(b []byte, dst, src int) (dst1, src1 int) {
-const attribute = false
-
-// http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#consume-a-character-reference
+// attribute should be true if parsing an attribute value.
+func unescapeEntity(b []byte, dst, src int, attribute bool) (dst1, src1 int) {
+// https://html.spec.whatwg.org/multipage/syntax.html#consume-a-character-reference
 
 // i starts at 1 because we already know that s[0] == '&'.
 i, s := 1, b[src:]
@@ -163,16 +162,38 @@ func unescapeEntity(b []byte, dst, src int) (dst1, src1 int) {
 return dst1, src1
 }
 
+func unescapeInner(b []byte, i int, attribute bool) []byte {
+dst, src := unescapeEntity(b, i, i, attribute)
+for len(b[src:]) > 0 {
+if b[src] == '&' {
+i = 0
+} else {
+i = bytes.IndexByte(b[src:], '&')
+}
+if i < 0 {
+dst += copy(b[dst:], b[src:])
+break
+}
+
+if i > 0 {
+copy(b[dst:], b[src:src+i])
+}
+dst, src = unescapeEntity(b, dst+i, src+i, attribute)
+}
+return b[:dst]
+}
+
 var htmlEscaper = strings.NewReplacer(
 `&`, "&amp;",
 `'`, "&#39;", // "&#39;" is shorter than "&apos;" and apos was not in HTML until HTML5.
 `<`, "&lt;",
 `>`, "&gt;",
 `"`, "&#34;", // "&#34;" is shorter than "&quot;".
+"\r", "&#13;",
 )
 
 // EscapeString escapes special characters like "<" to become "&lt;". It
-// escapes only five such characters: <, >, &, ' and ".
+// escapes only six such characters: <, >, &, ', ", and \r.
 // UnescapeString(EscapeString(s)) == s always holds, but the converse isn't
 // always true.
 func EscapeString(s string) string {
@@ -186,29 +207,8 @@ func EscapeString(s string) string {
 // always true.
 func UnescapeString(s string) string {
 populateMapsOnce.Do(populateMaps)
-i := strings.IndexByte(s, '&')
-
-if i < 0 {
-return s
-}
-
-b := []byte(s)
-dst, src := unescapeEntity(b, i, i)
-for len(s[src:]) > 0 {
-if s[src] == '&' {
-i = 0
-} else {
-i = strings.IndexByte(s[src:], '&')
-}
-if i < 0 {
-dst += copy(b[dst:], s[src:])
-break
-}
-
-if i > 0 {
-copy(b[dst:], s[src:src+i])
-}
-dst, src = unescapeEntity(b, dst+i, src+i)
+if i := strings.IndexByte(s, '&'); i >= 0 {
+return string(unescapeInner([]byte(s), i, false))
 }
-return string(b[:dst])
+return s
 }