| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using only safe code is actually same as fast as the previous "unsafe"
code according to the crate's benchmark.
The code was extracted from [markup]'s escape function in [escape.rs],
written by Utkarsh Kukreti <utkarshkukreti@gmail.com>, licensed as
`MIT OR Apache-2.0`.
[markup]: https://crates.io/crates/markup
[escape.rs]: https://github.com/utkarshkukreti/markup.rs/blob/8ec40428483790b2c296e907e7be4147b157fe8f/markup/src/escape.rs#L1-L21
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updates the requirements on [mendes](https://github.com/djc/mendes) to permit the latest version.
- [Release notes](https://github.com/djc/mendes/releases)
- [Commits](https://github.com/djc/mendes/commits)
---
updated-dependencies:
- dependency-name: mendes
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
| |
* Moved Features into derive, Updated Askama versions to 0.11
* Lock minimal versions to 0.11.2
|
| |
|
| |
|
|
|
|
|
|
| |
It might not be immediately obvious to everyone how easy it is to use
Askama template with std::io (e.g. files) instead of std::fmt, so this
PR adds a few helper methods to make this more obvious to novice users.
|
|
|
|
|
| |
This is a quite useful feature, because you can use templates in
format!(), format_args!(), etc.
|
|
|
|
|
|
| |
The traits Template and DynTemplate need to be in sync with
askama_shared's generator. #647 consolidated the template crating into
askama_shared, this PR moves the trait itself.
|
|
|
|
| |
Error::cause() is deprecated since Rust 1.33.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Previously askama_shared exported most of it's internals, so
askama_derive could use them. This is not needed anymore.
|
|
|
|
|
|
|
|
|
|
| |
All the hard work in askama_derive was actually done in askama_shared.
This PR removes the back-and-forth interaction between the two crates.
Now askama_derive is a single re-export of `#[derive(Template)]` which
has to be done in a proc_macro crate.
This most likely means that askama_derive is "final", unless another
derive template needs to be introduced in the future.
|
|
|
|
|
|
|
| |
Before this PR the handling of integrations was done both by
askama_shared and askama_derive. This diff lets askama_shared do the
work. This will prevent problems like #629, when both packages might
come out of sync.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updates the requirements on [mendes](https://github.com/djc/mendes) to permit the latest version.
- [Release notes](https://github.com/djc/mendes/releases)
- [Commits](https://github.com/djc/mendes/commits)
---
updated-dependencies:
- dependency-name: mendes
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the built-in json filter had an issue that made it unsafe to
use in HTML data. When used in HTML attributes an attacker who is able
to supply an arbitrary string that should be JSON encoded could close
the containing HTML element e.g. with `"</div>"`, and write arbitrary
HTML code afterwards as long as they use apostrophes instead of
quotation marks. The programmer could make this use case safe by
explicitly escaping the JSON result: `{{data|json|escape}}`.
In a `<script>` context the json filter was not usable at all, because
in scripts HTML escaped entities are not parsed outside of XHTML
documents. Without using the safe filter an attacker could close the
current script using `"</script>"`.
This PR fixes the problem by always escaping less-than, greater-than,
ampersand, and apostrophe characters using their JSON unicode escape
sequence `\u00xx`. Unless the programmer explicitly uses the safe
filter, quotation marks are HTML encoded as `"`. In scripts the
programmer should use the safe filter, otherwise not.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updates the requirements on [actix-test](https://github.com/actix/actix-web) to permit the latest version.
- [Release notes](https://github.com/actix/actix-web/releases)
- [Changelog](https://github.com/actix/actix-web/blob/master/CHANGES.md)
- [Commits](https://github.com/actix/actix-web/compare/test-v0.1.0-beta.12...test-v0.1.0-beta.13)
---
updated-dependencies:
- dependency-name: actix-test
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Sometimes for no obvious reason an old version is selected and the
output is different in just about every ui test. Just pin it to the
currently newest version and test if an updated version still works when
a new version gets released.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Askama understands how to destructure tuples in let and match
statements, but it does not understand how to build a tuple.
This PR fixes this shortcoming.
|
|
|
|
|
|
| |
This change allows using the operator `?` in askama expressions. It
works like the same operator in Rust: if a `Result` is `Ok`, it is
unwrapped. If it is an error, then the `render()` method fails with this
error value.
|