text/template: init depth limit

Address feedback received through review. Depth limit is now set
at init() to an architecture specific value. WASM is a special case.

Tests use the same approach to set the limit to a much lower value,
hopefully bringing more clarity. Removed a helper function for
generating test expressions.

Minor doc update.

Author: thevilledev

src/text/template/doc.go

@@ -16,7 +16,7 @@ by a period '.' and called "dot", to the value at the current location in the
 structure as execution proceeds.
 
 The security model used by this package assumes that template authors are
-trusted. text/template does not auto-escape output, so injecting code into
+trusted. The package does not auto-escape output, so injecting code into
 a template can lead to arbitrary code execution if the template is executed
 by an untrusted source.
 

src/text/template/parse/parse.go

@@ -32,7 +32,7 @@ type Tree struct {
 	treeSet    map[string]*Tree
 	actionLine int // line of left delim starting action
 	rangeDepth int
-	parenDepth int // current depth of nested parenthesized expressions
+	parenDepth int // depth of nested parenthesized expressions
 }
 
 // A mode value is a set of flags (or 0). Modes control parser behavior.
@@ -43,10 +43,19 @@ const (
 	SkipFuncCheck                  // do not check that functions are defined
 )
 
-// maxExpressionParenDepth is the maximum depth of nested parenthesized expressions.
-// It is used to prevent stack overflows from deep finite recursion in the parser.
-const maxExpressionParenDepth = 10000
-const maxExpressionParenDepthWasm = 1000 // Lower limit for WASM environments
+// maxExpressionParenDepth is the maximum depth permitted for nested
+// parenthesized expressions.
+var maxExpressionParenDepth int
+
+// init sets up the maximum expression parenthesis depth based on the architecture.
+// WebAssembly has a smaller stack size and is more prone to stack overflow.
+func init() {
+	if runtime.GOARCH == "wasm" {
+		maxExpressionParenDepth = 1000
+	} else {
+		maxExpressionParenDepth = 10000
+	}
+}
 
 // Copy returns a copy of the [Tree]. Any parsing state is discarded.
 func (t *Tree) Copy() *Tree {
@@ -794,8 +803,7 @@ func (t *Tree) term() Node {
 		}
 		return number
 	case itemLeftParen:
-		if t.parenDepth >= maxExpressionParenDepth ||
-			runtime.GOARCH == "wasm" && t.parenDepth >= maxExpressionParenDepthWasm {
+		if t.parenDepth >= maxExpressionParenDepth {
 			t.errorf("max expression depth exceeded")
 		}
 		t.parenDepth++

src/text/template/parse/parse_test.go

@@ -7,7 +7,6 @@ package parse
 import (
 	"flag"
 	"fmt"
-	"runtime"
 	"strings"
 	"testing"
 )
@@ -87,6 +86,11 @@ var numberTests = []numberTest{
 	{"0xef", true, true, true, false, 0xef, 0xef, 0xef, 0},
 }
 
+func init() {
+	// Use a small depth limit for testing to avoid creating huge expressions.
+	maxExpressionParenDepth = 3
+}
+
 func TestNumberParse(t *testing.T) {
 	for _, test := range numberTests {
 		// If fmt.Sscan thinks it's complex, it's complex. We can't trust the output
@@ -330,13 +334,13 @@ var parseTests = []parseTest{
 	{"block definition", `{{block "foo"}}hello{{end}}`, hasError, ""},
 
 	// Parenthesis nesting depth tests
-	{"paren nesting normal", "{{( ( ( ( (1) ) ) ) )}}", noError, "{{(((((1)))))}}"},
-	{"paren nesting at limit", "{{" + buildNestedParenExpression(getMaxParenDepth(), "1") + "}}", noError, "{{" + buildNestedParenExpression(getMaxParenDepth(), "1") + "}}"},
-	{"paren nesting exceeds limit", "{{" + buildNestedParenExpression(getMaxParenDepth()+1, "1") + "}}", hasError, "template: test:1: max expression depth exceeded"},
-	{"paren nesting in pipeline", "{{ ( ( ( ( (1) ) ) ) ) | printf }}", noError, "{{(((((1))))) | printf}}"},
-	{"paren nesting in pipeline exceeds limit", "{{ " + buildNestedParenExpression(getMaxParenDepth()+1, "1") + " | printf }}", hasError, "template: test:1: max expression depth exceeded"},
-	{"paren nesting with other constructs", "{{if " + buildNestedParenExpression(5, "true") + "}}YES{{end}}", noError, "{{if " + buildNestedParenExpression(5, "true") + "}}\"YES\"{{end}}"},
-	{"paren nesting with other constructs exceeds limit", "{{if " + buildNestedParenExpression(getMaxParenDepth()+1, "true") + "}}YES{{end}}", hasError, "template: test:1: max expression depth exceeded"},
+	{"paren nesting normal", "{{ (( 1 )) }}", noError, "{{((1))}}"},
+	{"paren nesting at limit", "{{ ((( 1 ))) }}", noError, "{{(((1)))}}"},
+	{"paren nesting exceeds limit", "{{ (((( 1 )))) }}", hasError, "template: test:1: max expression depth exceeded"},
+	{"paren nesting in pipeline", "{{ ((( 1 ))) | printf }}", noError, "{{(((1))) | printf}}"},
+	{"paren nesting in pipeline exceeds limit", "{{ (((( 1 )))) | printf }}", hasError, "template: test:1: max expression depth exceeded"},
+	{"paren nesting with other constructs", "{{ if ((( true ))) }}YES{{ end }}", noError, "{{if (((true)))}}\"YES\"{{end}}"},
+	{"paren nesting with other constructs exceeds limit", "{{ if (((( true )))) }}YES{{ end }}", hasError, "template: test:1: max expression depth exceeded"},
 }
 
 var builtins = map[string]any{
@@ -726,17 +730,3 @@ func BenchmarkListString(b *testing.B) {
 		b.Fatal("Benchmark was not run")
 	}
 }
-
-// buildNestedParenExpression is a helper for testing parenthesis depth.
-func buildNestedParenExpression(depth int, content string) string {
-	return strings.Repeat("(", depth) + content + strings.Repeat(")", depth)
-}
-
-// getMaxParenDepth returns the appropriate parenthesis nesting depth limit
-// based on the current architecture.
-func getMaxParenDepth() int {
-	if runtime.GOARCH == "wasm" {
-		return maxExpressionParenDepthWasm
-	}
-	return maxExpressionParenDepth
-}