aboutsummaryrefslogtreecommitdiffstats
path: root/askama_shared/Cargo.toml (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-02-16Make json filter safeLibravatar René Kijewski1-1/+1
Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
2022-02-07Add markdown filterLibravatar René Kijewski1-0/+2
2022-01-31Remove used optional dependencyLibravatar René Kijewski1-1/+0
2022-01-07Move extension_to_mime_type() to askama_sharedLibravatar René Kijewski1-0/+2
2022-01-04Bump version number for askama_sharedLibravatar Dirkjan Ochtman1-1/+1
2021-11-24Bump version numbersLibravatar Dirkjan Ochtman1-2/+2
2021-11-24Remove authors from Cargo metadata (see RFC 3052)Libravatar Dirkjan Ochtman1-1/+0
2021-08-21Upgrade to nom 7Libravatar Dirkjan Ochtman1-1/+1
2021-08-21Bump version numbers in anticipation of beta releaseLibravatar Dirkjan Ochtman1-1/+1
2021-08-02Upgrade nom to 6.2.1 (bitvec & funty issue)Libravatar Lee Hambley1-2/+1
2021-02-15Rename askama_actix trait method as suggested by clippyLibravatar Dirkjan Ochtman1-1/+1
By bumping the dependency versions for askama and askama_shared, this should be safe.
2021-02-15Fix bitvec broken dependency temporarilyLibravatar Edgar1-0/+1
2020-11-21Disable nom default featuresLibravatar Konrad Borowski1-3/+1
This removes unnecessary lexical feature reducing amount of crates Askama depends on.
2020-11-19Bump version for askama_sharedLibravatar Dirkjan Ochtman1-1/+1
2020-11-17Bump versions to fix semver problemLibravatar Dirkjan Ochtman1-1/+1
2020-11-16Bump version for askama_sharedLibravatar Dirkjan Ochtman1-1/+1
2020-11-02Upgrade to nom 6Libravatar Dirkjan Ochtman1-1/+1
2020-07-28Bump version numbersLibravatar Dirkjan Ochtman1-1/+1
2020-07-14Bump versions to prepare for askama_tide releaseLibravatar Dirkjan Ochtman1-1/+1
2020-06-30Bump askama_shared version with whitespace fixesLibravatar Dirkjan Ochtman1-1/+1
2020-06-30Bump version number for askama_sharedLibravatar Dirkjan Ochtman1-1/+1
2020-06-30Reference READMEs in crate metadataLibravatar Dirkjan Ochtman1-0/+1
2020-06-30Bump version numbersLibravatar Dirkjan Ochtman1-2/+2
2020-03-30add urlencode filterLibravatar João Oliveira1-2/+3
2020-01-29Move code generation into askama_sharedLibravatar Dirkjan Ochtman1-0/+1
2020-01-29Move input module into askama_sharedLibravatar Dirkjan Ochtman1-0/+2
2020-01-29Move parser into askama_sharedLibravatar Dirkjan Ochtman1-0/+3
2020-01-27Bump version to 0.9.1Libravatar Dirkjan Ochtman1-1/+1
2020-01-27Show all filters in docs.rsLibravatar Dirkjan Ochtman1-0/+3
2020-01-15Bump version numbers to 0.9.0Libravatar Dirkjan Ochtman1-2/+2
2020-01-15Make dependencies optional where possibleLibravatar Dirkjan Ochtman1-4/+11
2020-01-15Modernize and simplify importsLibravatar Dirkjan Ochtman1-2/+1
2019-03-18Update toml requirement from 0.4 to 0.5Libravatar dependabot[bot]1-1/+1
Updates the requirements on [toml](https://github.com/alexcrichton/toml-rs) to permit the latest version. - [Release notes](https://github.com/alexcrichton/toml-rs/releases) - [Commits](https://github.com/alexcrichton/toml-rs/compare/0.4.0...0.5.0) Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-01-17Add optional support for yaml filter (see #192)Libravatar Dirkjan Ochtman1-0/+1
2019-01-17Bump versions in anticipation of 0.8.0 releaseLibravatar Dirkjan Ochtman1-2/+2
2018-12-08Upgrade to 2018 editionLibravatar Dirkjan Ochtman1-0/+1
2018-11-16Add filesizeformat filterLibravatar youmouse1-0/+1
2018-11-07Clean up unused featuresLibravatar Dirkjan Ochtman1-7/+0
2018-11-07Create askama_escape crateLibravatar bott1-0/+1
2018-10-08Bump version to 0.7.2Libravatar Dirkjan Ochtman1-1/+1
2018-09-22Add absolute value filterLibravatar bott1-0/+1
2018-07-23Bump versions to 0.7.1Libravatar Dirkjan Ochtman1-1/+1
2018-07-22Add optional implementation for actix_web's Responder traitLibravatar Ryan McGrath1-0/+1
2018-07-10Add partial support for multiple template dirsLibravatar mash1-2/+4
2018-06-22Bump version numbers to 0.7.0Libravatar Dirkjan Ochtman1-1/+1
2018-06-04Converted error-chain based error to enum based errorLibravatar Philipp Korber1-1/+0
- now implements `Send` + `Sync` + `'static` - still implements `std::error::Error`, `Debug`, `Display`, `From<std::fmt::Error>`, `From<::serde_json::Error>`
2018-04-18Version bump to 0.6.2Libravatar Dirkjan Ochtman1-1/+1
2018-04-12Bump version numbers to 0.6.1Libravatar Dirkjan Ochtman1-1/+1
2018-04-12Isolate proc-macro dependency to the proc macroLibravatar David Tolnay1-3/+0
The dependency of askama on askama_shared on syn on libproc_macro used to mean libproc_macro would be dynamically linked into any crate using askama. We want only askama_derive to have a runtime dependency on proc macro. This commit moves all proc macro code from askama_shared into askama_derive so that the askama crate no longer dynamically links libproc_macro.
2018-04-12Bump version numbers to 0.6.0Libravatar Dirkjan Ochtman1-1/+1