aboutsummaryrefslogtreecommitdiffstats
path: root/askama_escape/src/lib.rs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove forward-slash escape (#486)Libravatar Alex Wennerberg2021-05-171-1/+0
| | | | | | | | | | | | | | | This was based off of the OWASP XSS prevention cheat sheet -- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary However, there isn't really any attack vector based on forward slash alone, and it's being removed in the next version of that document. > There is no proof that escaping forward slash will improve > defense against XSS, if all other special characters are escaped > properly, but it forces developers to use non-standard implementation of > the HTML escaping, what increases the risk of the mistake and makes the > implementation harder. https://github.com/OWASP/CheatSheetSeries/pull/516
* Add no_std support to askama_escapeLibravatar Wim Looman2021-01-151-3/+10
|
* Update `EscapeWriter` HTML implementation to not output empty stringsLibravatar Ciprian Dorin Craciun2020-05-241-1/+5
|
* Update formattingLibravatar Dirkjan Ochtman2019-07-251-4/+1
|
* Change askama_escape to require UTF-8 stringsLibravatar Ram Kaniyur2019-06-141-24/+25
|
* Specify a trait that handles the output format's escapingLibravatar Dirkjan Ochtman2019-01-121-55/+108
|
* Slightly simplify escaping codeLibravatar Dirkjan Ochtman2019-01-121-19/+21
|
* Improved rendering time (#190)Libravatar yossyJ2019-01-061-1/+23
| | | | | | * Improved rendering time * Fix useless codes
* Use 2018 edition idiomsLibravatar Dirkjan Ochtman2018-12-081-3/+3
|
* Create askama_escape crateLibravatar bott2018-11-071-0/+100