aboutsummaryrefslogtreecommitdiffstats
path: root/askama_escape/src/lib.rs (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-05-17Remove forward-slash escape (#486)Libravatar Alex Wennerberg1-1/+0
This was based off of the OWASP XSS prevention cheat sheet -- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary However, there isn't really any attack vector based on forward slash alone, and it's being removed in the next version of that document. > There is no proof that escaping forward slash will improve > defense against XSS, if all other special characters are escaped > properly, but it forces developers to use non-standard implementation of > the HTML escaping, what increases the risk of the mistake and makes the > implementation harder. https://github.com/OWASP/CheatSheetSeries/pull/516
2021-01-15Add no_std support to askama_escapeLibravatar Wim Looman1-3/+10
2020-05-24Update `EscapeWriter` HTML implementation to not output empty stringsLibravatar Ciprian Dorin Craciun1-1/+5
2019-07-25Update formattingLibravatar Dirkjan Ochtman1-4/+1
2019-06-14Change askama_escape to require UTF-8 stringsLibravatar Ram Kaniyur1-24/+25
2019-01-12Specify a trait that handles the output format's escapingLibravatar Dirkjan Ochtman1-55/+108
2019-01-12Slightly simplify escaping codeLibravatar Dirkjan Ochtman1-19/+21
2019-01-06Improved rendering time (#190)Libravatar yossyJ1-1/+23
* Improved rendering time * Fix useless codes
2018-12-08Use 2018 edition idiomsLibravatar Dirkjan Ochtman1-3/+3
2018-11-07Create askama_escape crateLibravatar bott1-0/+0
2018-11-05Reorder and tweak code style a little bitLibravatar Dirkjan Ochtman1-19/+18
2018-11-05Improve performance simplifyLibravatar bott1-32/+20
2018-11-05Escape into FormatterLibravatar Dirkjan Ochtman1-50/+53
2018-11-05Improve performance of html escapeLibravatar bott1-46/+39
2018-10-25Fix off-by-one error with HTML escapingLibravatar Benjamin Li1-1/+2
If the second-to-last character of a string should be escaped, but not the last, the last character was not being included in the result.
2018-06-21Fix formatting with cargo fmtLibravatar Dirkjan Ochtman1-13/+34
2017-11-21Apply suggestions from rustfmt to improve styleLibravatar Dirkjan Ochtman1-8/+4
2017-09-07Rewrite escapable() to prevent duplicationLibravatar Dirkjan Ochtman1-3/+6
2017-09-07Extend escaping according to OWASP recommendationsLibravatar Dirkjan Ochtman1-2/+5
2017-09-04Escape all strings with character entities by default (fixes #23)Libravatar Dirkjan Ochtman1-0/+43
2017-09-04Move escaping algorithm into a separate moduleLibravatar Dirkjan Ochtman1-0/+50