aboutsummaryrefslogtreecommitdiffstats
path: root/askama_escape/Cargo.toml (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-01-30Apply clippy suggestions for 1.67 (#769)Libravatar Dirkjan Ochtman1-1/+2
2022-09-26Update criterion requirement from 0.3 to 0.4 (#721)Libravatar dependabot[bot]1-1/+1
Updates the requirements on [criterion](https://github.com/bheisler/criterion.rs) to permit the latest version. - [Release notes](https://github.com/bheisler/criterion.rs/releases) - [Changelog](https://github.com/bheisler/criterion.rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/bheisler/criterion.rs/compare/0.3.0...0.4.0) --- updated-dependencies: - dependency-name: criterion dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-16Increment patch versions of askama_{shared,escape}Libravatar René Kijewski1-1/+1
2022-02-16Make json filter safeLibravatar René Kijewski1-0/+3
Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
2021-11-24Remove authors from Cargo metadata (see RFC 3052)Libravatar Dirkjan Ochtman1-1/+0
2021-08-21Bump version numbers in anticipation of beta releaseLibravatar Dirkjan Ochtman1-1/+1
2020-06-30Add askama_escape README to crate metadataLibravatar Dirkjan Ochtman1-1/+2
2020-06-30Bump version numbersLibravatar Dirkjan Ochtman1-1/+1
2020-01-15Remove obsolete CI badgesLibravatar Dirkjan Ochtman1-2/+0
2020-01-15Bump version numbers to 0.9.0Libravatar Dirkjan Ochtman1-1/+1
2019-08-26Update criterion requirement from 0.2 to 0.3Libravatar dependabot-preview[bot]1-1/+1
Updates the requirements on [criterion](https://github.com/bheisler/criterion.rs) to permit the latest version. - [Release notes](https://github.com/bheisler/criterion.rs/releases) - [Changelog](https://github.com/bheisler/criterion.rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/bheisler/criterion.rs/compare/0.2.0...0.3.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-01-17Bump versions in anticipation of 0.8.0 releaseLibravatar Dirkjan Ochtman1-1/+1
2018-12-08Upgrade to 2018 editionLibravatar Dirkjan Ochtman1-0/+1
2018-11-14Move escaping benchmarks into askama_escape crateLibravatar Dirkjan Ochtman1-0/+7
2018-11-07Tweak metadata for new askama_escape crateLibravatar Dirkjan Ochtman1-2/+9
2018-11-07Clean up unused featuresLibravatar Dirkjan Ochtman1-7/+0
2018-11-07Create askama_escape crateLibravatar bott1-11/+4
2018-10-08Bump version to 0.7.2Libravatar Dirkjan Ochtman1-1/+1
2018-09-22Add absolute value filterLibravatar bott1-0/+1
2018-07-23Bump versions to 0.7.1Libravatar Dirkjan Ochtman1-1/+1
2018-07-22Add optional implementation for actix_web's Responder traitLibravatar Ryan McGrath1-0/+1
2018-07-10Add partial support for multiple template dirsLibravatar mash1-2/+4
2018-06-22Bump version numbers to 0.7.0Libravatar Dirkjan Ochtman1-1/+1
2018-06-04Converted error-chain based error to enum based errorLibravatar Philipp Korber1-1/+0
- now implements `Send` + `Sync` + `'static` - still implements `std::error::Error`, `Debug`, `Display`, `From<std::fmt::Error>`, `From<::serde_json::Error>`
2018-04-18Version bump to 0.6.2Libravatar Dirkjan Ochtman1-1/+1
2018-04-12Bump version numbers to 0.6.1Libravatar Dirkjan Ochtman1-1/+1
2018-04-12Isolate proc-macro dependency to the proc macroLibravatar David Tolnay1-3/+0
The dependency of askama on askama_shared on syn on libproc_macro used to mean libproc_macro would be dynamically linked into any crate using askama. We want only askama_derive to have a runtime dependency on proc macro. This commit moves all proc macro code from askama_shared into askama_derive so that the askama crate no longer dynamically links libproc_macro.
2018-04-12Bump version numbers to 0.6.0Libravatar Dirkjan Ochtman1-1/+1
2018-04-02Upgrade to latest syn and quoteLibravatar Dirkjan Ochtman1-2/+2
2018-01-09Upgrade to syn-0.12 and quote-0.4Libravatar Dirkjan Ochtman1-2/+2
2017-09-07Bump version number to 0.5.0Libravatar Dirkjan Ochtman1-1/+1
2017-09-06Update dependency on error-chain to 0.11Libravatar Dirkjan Ochtman1-1/+1
2017-09-06Add package metadata for new askama_shared crateLibravatar Dirkjan Ochtman1-0/+4
2017-09-06Bump version number to 0.4.0Libravatar Dirkjan Ochtman1-1/+1
2017-08-27Move most of the code into new askama_shared crateLibravatar Dirkjan Ochtman1-0/+19
This makes it possible to share code between askama and askama_derive.