askama - [no description]

	Commit message (Collapse)	Author	Age	Files	Lines
*	Advertise Discord channel instead of Gitter	Dirkjan Ochtman	2023-10-03	1	-1/+1
\|
*	Add MSRV checking in CI	Dirkjan Ochtman	2023-09-29	1	-1/+1
\| \| \| \|	Bump MSRV to 1.65 for the use of let .. else.
*	escape: simplify literals as suggested by clippy	Dirkjan Ochtman	2023-08-25	1	-4/+4
\|
*	Update criterion requirement from 0.4 to 0.5	dependabot[bot]	2023-05-24	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	Updates the requirements on [criterion](https://github.com/bheisler/criterion.rs) to permit the latest version. - [Changelog](https://github.com/bheisler/criterion.rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/bheisler/criterion.rs/compare/0.4.0...0.5.0) --- updated-dependencies: - dependency-name: criterion dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
*	Use lookup table	René Kijewski	2023-03-30	1	-5/+13
\|
*	Escape HTML faster	René Kijewski	2023-03-30	1	-29/+23
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Escaped HTML characters vary in length. So, in order to select the correct replacement two variables need to be loaded: The pointer to the new substring and its length. Because of this the generated code is less dense than it could be. With this PR instead of selecting the appropriate `&str`, an `&&str` is selected. The former consumes two words while the latter consumes only one. Intuitively one might assume that the double dereference makes the code slower, but the optimized lookup seems to be so much faster, so that the change is worth its weight. Comparing the result of `cargo bench` (best out of three runs for both): ```text Old: [4.3592 µs 4.3675 µs 4.3764 µs] New: [3.8691 µs 3.8766 µs 3.8860 µs] Diff: [-11.24 % -11.24 % -12.21 % ] ```
*	Apply clippy suggestions for 1.67 (#769)	Dirkjan Ochtman	2023-01-30	2	-3/+3
\|
*	Update criterion requirement from 0.3 to 0.4 (#721)	dependabot[bot]	2022-09-26	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Updates the requirements on [criterion](https://github.com/bheisler/criterion.rs) to permit the latest version. - [Release notes](https://github.com/bheisler/criterion.rs/releases) - [Changelog](https://github.com/bheisler/criterion.rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/bheisler/criterion.rs/compare/0.3.0...0.4.0) --- updated-dependencies: - dependency-name: criterion dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
*	Remove `unsafe { … }` code from askama_escape	René Kijewski	2022-04-13	1	-50/+34
\| \| \| \| \| \| \| \| \| \| \| \|	Using only safe code is actually same as fast as the previous "unsafe" code according to the crate's benchmark. The code was extracted from [markup]'s escape function in [escape.rs], written by Utkarsh Kukreti <utkarshkukreti@gmail.com>, licensed as `MIT OR Apache-2.0`. [markup]: https://crates.io/crates/markup [escape.rs]: https://github.com/utkarshkukreti/markup.rs/blob/8ec40428483790b2c296e907e7be4147b157fe8f/markup/src/escape.rs#L1-L21
*	Increment patch versions of askama_{shared,escape}	René Kijewski	2022-02-16	1	-1/+1
\|
*	Make json filter safe	René Kijewski	2022-02-16	2	-4/+55
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data\|json\|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
*	Add `#![deny(unreachable_pub)]` to all crates	René Kijewski	2022-01-06	1	-0/+1
\|
*	Omit implicit lifetimes	René Kijewski	2022-01-06	1	-2/+2
\|
*	Add `#[derive(Debug)]` for public types	René Kijewski	2022-01-06	1	-0/+3
\|
*	Fix suggestions from nightly clippy	Dirkjan Ochtman	2021-12-22	1	-0/+1
\|
*	Remove authors from Cargo metadata (see RFC 3052)	Dirkjan Ochtman	2021-11-24	1	-1/+0
\|
*	Bump version numbers in anticipation of beta release	Dirkjan Ochtman	2021-08-21	1	-1/+1
\|
*	Stop eliding lifetimes in paths	Dirkjan Ochtman	2021-07-01	2	-1/+2
\|
*	Remove forward-slash escape (#486)	Alex Wennerberg	2021-05-17	1	-1/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This was based off of the OWASP XSS prevention cheat sheet -- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary However, there isn't really any attack vector based on forward slash alone, and it's being removed in the next version of that document. > There is no proof that escaping forward slash will improve > defense against XSS, if all other special characters are escaped > properly, but it forces developers to use non-standard implementation of > the HTML escaping, what increases the risk of the mistake and makes the > implementation harder. https://github.com/OWASP/CheatSheetSeries/pull/516
*	Add no_std support to askama_escape	Wim Looman	2021-01-15	1	-3/+10
\|
*	Add askama_escape README to crate metadata	Dirkjan Ochtman	2020-06-30	1	-1/+2
\|
*	Add README files for subcrates	Dirkjan Ochtman	2020-06-30	1	-0/+9
\|
*	Bump version numbers	Dirkjan Ochtman	2020-06-30	1	-1/+1
\|
*	Add license files to each crate (fixes #339)	Dirkjan Ochtman	2020-06-30	2	-0/+2
\|
*	Update `EscapeWriter` HTML implementation to not output empty strings	Ciprian Dorin Craciun	2020-05-24	1	-1/+5
\|
*	Remove obsolete CI badges	Dirkjan Ochtman	2020-01-15	1	-2/+0
\|
*	Bump version numbers to 0.9.0	Dirkjan Ochtman	2020-01-15	1	-1/+1
\|
*	Update criterion requirement from 0.2 to 0.3	dependabot-preview[bot]	2019-08-26	1	-1/+1
\| \| \| \| \| \| \| \|	Updates the requirements on [criterion](https://github.com/bheisler/criterion.rs) to permit the latest version. - [Release notes](https://github.com/bheisler/criterion.rs/releases) - [Changelog](https://github.com/bheisler/criterion.rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/bheisler/criterion.rs/compare/0.2.0...0.3.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
*	Update formatting	Dirkjan Ochtman	2019-07-25	1	-4/+1
\|
*	Change askama_escape to require UTF-8 strings	Ram Kaniyur	2019-06-14	1	-24/+25
\|
*	Bump versions in anticipation of 0.8.0 release	Dirkjan Ochtman	2019-01-17	1	-1/+1
\|
*	Specify a trait that handles the output format's escaping	Dirkjan Ochtman	2019-01-12	2	-61/+114
\|
*	Slightly simplify escaping code	Dirkjan Ochtman	2019-01-12	1	-19/+21
\|
*	Improved rendering time (#190)	yossyJ	2019-01-06	1	-1/+23
\| \| \| \| \| \|	* Improved rendering time * Fix useless codes
*	Use 2018 edition idioms	Dirkjan Ochtman	2018-12-08	2	-4/+3
\|
*	Upgrade to 2018 edition	Dirkjan Ochtman	2018-12-08	1	-0/+1
\|
*	Move escaping benchmarks into askama_escape crate	Dirkjan Ochtman	2018-11-14	2	-0/+85
\|
*	Tweak metadata for new askama_escape crate	Dirkjan Ochtman	2018-11-07	1	-2/+9
\|
*	Clean up unused features	Dirkjan Ochtman	2018-11-07	1	-7/+0
\|
*	Create askama_escape crate	bott	2018-11-07	2	-0/+116