Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

contexttest

package

Go to main page

Versions in this module

v1

v1.22.0-dev

Sep 20, 2023 GO-2024-3056 +7 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.11

Apr 16, 2024 GO-2024-3056 +7 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.10

Mar 25, 2024 GO-2024-3056 +7 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.9

Mar 22, 2024 GO-2024-3056 +7 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.8

Mar 13, 2024 GO-2024-3056 +7 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.7

Feb 26, 2024 GO-2024-3056 +8 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.6

Feb 22, 2024 GO-2024-3056 +8 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

Changes in this version

+ type MockContextOption struct

+ Render context.Render

v1.21.5

Feb 1, 2024 GO-2024-3056 +8 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.4

Jan 17, 2024 GO-2024-3056 +8 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.3

Dec 21, 2023 GO-2024-3056 +8 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.2

Dec 12, 2023 GO-2024-3056 +8 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.1

Nov 26, 2023 GO-2024-3056 +9 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.0

Nov 14, 2023 GO-2024-3056 +9 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

Changes in this version

+ func LoadGitRepo(t *testing.T, ctx *context.Context)

+ func LoadRepo(t *testing.T, ctx gocontext.Context, repoID int64)

+ func LoadRepoCommit(t *testing.T, ctx gocontext.Context)

+ func LoadUser(t *testing.T, ctx gocontext.Context, userID int64)

+ func MockAPIContext(t *testing.T, reqPath string) (*context.APIContext, *httptest.ResponseRecorder)

+ func MockContext(t *testing.T, reqPath string) (*context.Context, *httptest.ResponseRecorder)

+ type MockRender struct

+ func (tr *MockRender) HTML(w io.Writer, status int, _ string, _ any, _ gocontext.Context) error

+ func (tr *MockRender) TemplateLookup(tmpl string, _ gocontext.Context) (templates.TemplateExecutor, error)

v1.21.0-rc2

Oct 19, 2023 GO-2024-3056 +9 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.0-rc1

Oct 6, 2023 GO-2024-3056 +9 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

v1.21.0-rc0

Sep 20, 2023 GO-2024-3056 +9 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea