text/template: limit expression parenthesis nesting

[thevilledev]

Deeply nested parenthesized expressions could cause a stack
overflow during parsing. This change introduces a depth limit
(maxStackDepth) tracked in Tree.stackDepth to prevent this.

Additionally, this commit clarifies the security model in
the package documentation, noting that template authors
are trusted as text/template does not auto-escape.

Fixes #71201

[gopherbot]

This PR (HEAD: f067d5a) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/671755.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Gopher Robot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://go.dev/doc/contribute#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11 or adds a tag like "wait-release", it means that this CL will be
reviewed as part of the next development cycle. See https://go.dev/s/release
for more details.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from qiu laidongfeng2:

Patch Set 1: Commit-Queue+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 1:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-05-12T12:10:37Z","revision":"67e7ccc1646d180080043cd98310db31ad504e9b"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from qiu laidongfeng2:

Patch Set 1: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 1:

This CL has failed the run. Reason:

Tryjob golang/try/gotip-js-wasm has failed with summary (view all results):

---

• go on master (change 671755)

To reproduce, try gomote repro 8715077077290582049.

Additional links for debugging:

• go tool dist test -json output [shard 2]

Task completed with failure.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 1: LUCI-TryBot-Result-1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 9c1530d) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/671755.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Rob Pike:

Patch Set 2:

(6 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: bd1f53b) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/671755.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Ville Vesilehto:

Patch Set 3:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Ville Vesilehto:

Patch Set 3:

(4 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Rob Pike:

Patch Set 3:

(6 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: f4ebd17) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/671755.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Ville Vesilehto:

Patch Set 4:

(6 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from qiu laidongfeng2:

Patch Set 4: Commit-Queue+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 4:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-05-14T13:45:57Z","revision":"a794cf733d2ef1f8f3f6545c21c341772deedaa9"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 4: LUCI-TryBot-Result-1

Copied votes on follow-up patch sets have been updated:

• LUCI-TryBot-Result-1 has been copied to patch set 5 (copy condition: "changekind:NO_CODE_CHANGE").

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 5:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-05-14T14:51:47Z","revision":"70adf825821e8a12f2254f9abdde21c3a067c08d"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from qiu laidongfeng2:

Patch Set 5: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 5:

This CL has failed the run. Reason:

Failed Tryjobs:

• golang/try/gotip-js-wasm. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-386. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-386_debiansid. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-amd64. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-amd64-aliastypeparams. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-amd64-boringcrypto. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-amd64-misccompile. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-amd64-newinliner. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-amd64-race. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-amd64_debiansid. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-arm64. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-linux-arm64-boringcrypto. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-wasip1-wasm_wasmtime. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-wasip1-wasm_wazero. Summary (view all results):

---

Task did not start, no resource

---

• golang/try/gotip-windows-386. Summary (view all results):

---

Task did not start, no resource

---

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 5: LUCI-TryBot-Result-1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Rob Pike:

Patch Set 6: Code-Review+2

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Roland Shoemaker:

Patch Set 6: Commit-Queue+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 6:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-05-15T15:04:47Z","revision":"cb27c12a3a13e422efb697ae8fb3023077caa398"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Roland Shoemaker:

Patch Set 6: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 6:

This CL has passed the run

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 6: LUCI-TryBot-Result+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Roland Shoemaker:

Patch Set 6: Code-Review+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Michael Knyszek:

Patch Set 6: Code-Review+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/671755.
After addressing review feedback, remember to publish your drafts!