Contributor kadukcommentedFeb 2, 2017 This was closed because it's overtaken by events (1.1.0 has a unified build)? if this is needed, and if static linking for the apps is not sufficient, someone will have to re-open the issue.
DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029",...