aboutsummaryrefslogtreecommitdiffstats
path: root/askama_shared/Cargo.toml (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Increment patch versions of askama_{shared,escape}Libravatar René Kijewski2022-02-161-1/+1
|
* Make json filter safeLibravatar René Kijewski2022-02-161-1/+1
| | | | | | | | | | | | | | | | | | | | | Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
* Add markdown filterLibravatar René Kijewski2022-02-071-0/+2
|
* Remove used optional dependencyLibravatar René Kijewski2022-01-311-1/+0
|
* Move extension_to_mime_type() to askama_sharedLibravatar René Kijewski2022-01-071-0/+2
|
* Bump version number for askama_sharedLibravatar Dirkjan Ochtman2022-01-041-1/+1
|
* Bump version numbersLibravatar Dirkjan Ochtman2021-11-241-2/+2
|
* Remove authors from Cargo metadata (see RFC 3052)Libravatar Dirkjan Ochtman2021-11-241-1/+0
|
* Upgrade to nom 7Libravatar Dirkjan Ochtman2021-08-211-1/+1
|
* Bump version numbers in anticipation of beta releaseLibravatar Dirkjan Ochtman2021-08-211-1/+1
|
* Upgrade nom to 6.2.1 (bitvec & funty issue)Libravatar Lee Hambley2021-08-021-2/+1
|
* Rename askama_actix trait method as suggested by clippyLibravatar Dirkjan Ochtman2021-02-151-1/+1
| | | | | By bumping the dependency versions for askama and askama_shared, this should be safe.
* Fix bitvec broken dependency temporarilyLibravatar Edgar2021-02-151-0/+1
|
* Merge pull request #400 from djc/localLibravatar Dirkjan Ochtman2020-12-151-1/+1
|\ | | | | Sync local repo with GitHub
| * Bump version for askama_sharedLibravatar Dirkjan Ochtman2020-11-191-1/+1
| |
| * Bump versions to fix semver problemLibravatar Dirkjan Ochtman2020-11-171-1/+1
| |
* | Disable nom default featuresLibravatar Konrad Borowski2020-11-211-3/+1
|/ | | | | This removes unnecessary lexical feature reducing amount of crates Askama depends on.
* Bump version for askama_sharedLibravatar Dirkjan Ochtman2020-11-161-1/+1
|
* Upgrade to nom 6Libravatar Dirkjan Ochtman2020-11-021-1/+1
|
* Bump version numbersLibravatar Dirkjan Ochtman2020-07-281-1/+1
|
* Bump versions to prepare for askama_tide releaseLibravatar Dirkjan Ochtman2020-07-141-1/+1
|
* Bump askama_shared version with whitespace fixesLibravatar Dirkjan Ochtman2020-06-301-1/+1
|
* Bump version number for askama_sharedLibravatar Dirkjan Ochtman2020-06-301-1/+1
|
* Reference READMEs in crate metadataLibravatar Dirkjan Ochtman2020-06-301-0/+1
|
* Bump version numbersLibravatar Dirkjan Ochtman2020-06-301-2/+2
|
* add urlencode filterLibravatar João Oliveira2020-03-301-2/+3
|
* Move code generation into askama_sharedLibravatar Dirkjan Ochtman2020-01-291-0/+1
|
* Move input module into askama_sharedLibravatar Dirkjan Ochtman2020-01-291-0/+2
|
* Move parser into askama_sharedLibravatar Dirkjan Ochtman2020-01-291-0/+3
|
* Bump version to 0.9.1Libravatar Dirkjan Ochtman2020-01-271-1/+1
|
* Show all filters in docs.rsLibravatar Dirkjan Ochtman2020-01-271-0/+3
|
* Bump version numbers to 0.9.0Libravatar Dirkjan Ochtman2020-01-151-2/+2
|
* Make dependencies optional where possibleLibravatar Dirkjan Ochtman2020-01-151-4/+11
|
* Modernize and simplify importsLibravatar Dirkjan Ochtman2020-01-151-2/+1
|
* Update toml requirement from 0.4 to 0.5Libravatar dependabot[bot]2019-03-181-1/+1
| | | | | | | Updates the requirements on [toml](https://github.com/alexcrichton/toml-rs) to permit the latest version. - [Release notes](https://github.com/alexcrichton/toml-rs/releases) - [Commits](https://github.com/alexcrichton/toml-rs/compare/0.4.0...0.5.0) Signed-off-by: dependabot[bot] <support@dependabot.com>
* Add optional support for yaml filter (see #192)Libravatar Dirkjan Ochtman2019-01-171-0/+1
|
* Bump versions in anticipation of 0.8.0 releaseLibravatar Dirkjan Ochtman2019-01-171-2/+2
|
* Upgrade to 2018 editionLibravatar Dirkjan Ochtman2018-12-081-0/+1
|
* Add filesizeformat filterLibravatar youmouse2018-11-161-0/+1
|
* Clean up unused featuresLibravatar Dirkjan Ochtman2018-11-071-7/+0
|
* Create askama_escape crateLibravatar bott2018-11-071-0/+1
|
* Bump version to 0.7.2Libravatar Dirkjan Ochtman2018-10-081-1/+1
|
* Add absolute value filterLibravatar bott2018-09-221-0/+1
|
* Bump versions to 0.7.1Libravatar Dirkjan Ochtman2018-07-231-1/+1
|
* Add optional implementation for actix_web's Responder traitLibravatar Ryan McGrath2018-07-221-0/+1
|
* Add partial support for multiple template dirsLibravatar mash2018-07-101-2/+4
|
* Bump version numbers to 0.7.0Libravatar Dirkjan Ochtman2018-06-221-1/+1
|
* Converted error-chain based error to enum based errorLibravatar Philipp Korber2018-06-041-1/+0
| | | | | | | - now implements `Send` + `Sync` + `'static` - still implements `std::error::Error`, `Debug`, `Display`, `From<std::fmt::Error>`, `From<::serde_json::Error>`
* Version bump to 0.6.2Libravatar Dirkjan Ochtman2018-04-181-1/+1
|
* Bump version numbers to 0.6.1Libravatar Dirkjan Ochtman2018-04-121-1/+1
|
generated by cgit (git 2.34.1) at 2025-02-16 17:42:02 +0000