aboutsummaryrefslogtreecommitdiffstats
path: root/askama_shared/src/generator.rs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Actix Web v4.0 is hereLibravatar René Kijewski2022-02-251-4/+4
|
* Make json filter safeLibravatar René Kijewski2022-02-161-1/+1
| | | | | | | | | | | | | | | | | | | | | Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
* askama_mendes: upgrade mendes to 0.0.62 (#636)Libravatar Dirkjan Ochtman2022-02-091-1/+1
|
* Add markdown filterLibravatar René Kijewski2022-02-071-0/+41
|
* Replace if-let with matchLibravatar René Kijewski2022-02-031-4/+6
|
* Replace custom Cow with actual CowLibravatar René Kijewski2022-02-031-23/+21
|
* Remove `panic!()` in `loop.cycle([])`Libravatar René Kijewski2022-01-311-1/+1
|
* Make is_shadowing_variable() failableLibravatar René Kijewski2022-01-311-12/+24
|
* Parse tuple expressionsLibravatar René Kijewski2022-01-281-0/+18
| | | | | | | Askama understands how to destructure tuples in let and match statements, but it does not understand how to build a tuple. This PR fixes this shortcoming.
* Implement error propagation expression: `?` (#590)Libravatar René Kijewski2022-01-281-0/+12
| | | | | | This change allows using the operator `?` in askama expressions. It works like the same operator in Rust: if a `Result` is `Ok`, it is unwrapped. If it is an error, then the `render()` method fails with this error value.
* Unify handling of calls (#614)Libravatar René Kijewski2022-01-271-79/+31
| | | | | Instead of having `Expr::VarCall`, `Expr::PathCall` and `Expr::MethodCall`, this PR unifies the handling of calls by removing the former three variants, and introducing `Expr::Call`.
* Replace `&PathBuf` with `&Path`Libravatar René Kijewski2022-01-241-7/+7
| | | | | PathBuf is to String like Path is to str, so `&PathBuf` is a pointer to a pointer. Clippy does not likes that.
* `&Option<T>` → `Option<&T>`Libravatar René Kijewski2022-01-121-3/+3
|
* Fully qualify some more paths in generated codeLibravatar René Kijewski2022-01-121-3/+3
|
* Determine Content-Type during compilationLibravatar René Kijewski2022-01-071-0/+4
|
* Add `#[inline]` to trivial trait implementationsLibravatar René Kijewski2022-01-061-0/+9
|
* Remove the iron integration from generatorLibravatar René Kijewski2022-01-061-26/+0
| | | | | | | Issue #527 removed the askama_iron package, but not the integration if someone uses askama_derive's feature with "iron". The old askama_iron crate uses askama v0.10, so it will still work.
* Omit implicit lifetimesLibravatar René Kijewski2022-01-061-1/+1
|
* Update for actix-web betaLibravatar René Kijewski2022-01-051-7/+3
|
* askama_rocket: revert to rocket 0.4 for releaseLibravatar Dirkjan Ochtman2022-01-041-2/+4
|
* askama_actix: revert to actix-web v3 for releaseLibravatar Dirkjan Ochtman2022-01-041-3/+4
|
* Use a separate trait for object safety (#579)Libravatar Dirkjan Ochtman2021-12-151-17/+5
| | | | | | | | | | | | | | | | | | This is relatively major change to the main trait's API. For context, I always started from the concept of monomorphized traits, but later several contributors asked about object safety. At that point I made `Template` object-safe, and then even later added a `SizedTemplate` to make some things easier for people who don't need object safety. However, having object-safety in the primary trait is bad for performance (a substantial number of calls into the virtual `Write` trait is relatively slow), and I don't think those who don't need object safety should pay for the cost of having it. Additionally, I feel using associated consts for the extension and size hint is more idiomatic than having accessor methods. I don't know why I didn't use these from the start -- maybe associated consts didn't exist yet, or I didn't yet know how/when to use them. Askama is pretty old at this point...
* updated for actix-web 4.0.0-beta.14Libravatar CrunkLord4202021-12-141-1/+2
|
* Use char for patterns where possibleLibravatar Dirkjan Ochtman2021-12-081-1/+1
|
* Update axum to 0.4 (by switching to axum-core)Libravatar Michael Alyn Miller2021-12-051-5/+3
|
* Move askama_mendes integration into Askama repo (#561)Libravatar Dirkjan Ochtman2021-12-011-2/+2
|
* Allow whitespace trimming in {{raw}} blocksLibravatar René Kijewski2021-11-291-2/+2
|
* Add Axum integrationLibravatar Michael Alyn Miller2021-11-271-0/+18
|
* Added support for optional escaper for escape filter (resolves #556)Libravatar vallentin2021-11-191-2/+36
|
* Implement `for … in … if …`Libravatar René Kijewski2021-11-111-29/+27
|
* Implement for-elseLibravatar René Kijewski2021-11-111-17/+26
| | | | | | | | | | | | | This PR implements for-else statements like in Jinja. They make it easy to print an alternative message if the loop iterator was empty. E.g. ```rs {% for result in result %} <li>{{ result }}</li> {% else %} <li><em>no results</em></li> {% endfor %} ```
* Prepare for actix-web v4 (#553)Libravatar Sergey Pashinin2021-11-111-4/+2
|
* Implement {{loop.cycle(…)}} similar to JinjaLibravatar René Kijewski2021-11-111-7/+30
|
* Fix support for raw method identifiersLibravatar Kelly Thomas Kline2021-10-131-1/+1
|
* Add {% break %} and {% continue %}Libravatar René Kijewski2021-08-301-0/+10
| | | | | This PR adds `{% break %}` and `{% continue %}` statements to break out of a loop, or continue with the next element of the iterator.
* Parse boolean literals in assignment targetsLibravatar René Kijewski2021-08-251-0/+6
| | | | | | | | 268d825 introduced a regression that made matching against boolean literals impossible. E.g. "true" was interpreted as the variable "r#true". This PR fixes the problem. The bug was reported by @Restioson in issue #531.
* Use "target()" to parse "when" blockLibravatar René Kijewski2021-07-301-102/+42
| | | | | | | | | | | | `target()` as used in parsing "let" and "if let" implements parsing nested tuples and structs. But it does not implement parsing literals. The functions `match_variant()` and `with_parameters()` as used in parsing "when" blocks do not implement parsing nested structs, but it implements parsing literals. This PR combines `match_variant()` and `with_parameters()` into `target()`, so that all `{%when%}` support nested structs, too.
* Implement destructoring of structsLibravatar René Kijewski2021-07-051-2/+17
| | | | | This PR implements the destructoring of structs on the lhs of "let" and "for" statements.
* Parse nested tuples in "let" statement lhsLibravatar René Kijewski2021-07-051-3/+3
|
* Reduce code duplication for writing targetsLibravatar René Kijewski2021-07-051-22/+9
| | | | | This change also fixes a bug in the loop generator, which failed for shadowed variables.
* Move logic where target shadows or declares a variable into methodLibravatar René Kijewski2021-07-051-23/+33
|
* Remove needless deref, only to ref it a few lines downLibravatar René Kijewski2021-07-051-4/+4
|
* Remove duplicated code in generatorLibravatar René Kijewski2021-07-051-17/+1
|
* Prepare generator::visit_target() for nested targetsLibravatar René Kijewski2021-07-051-4/+2
| | | | | | | | By now only non-nested tuples are accepted by the parser, but this will change. This change makes visit_target() call itself for items in a tuple. So enable the function to call itself, I needed to fix the lifetime annotation, because the references inside a Target instance may outlife a reference to instance itself.
* Stop eliding lifetimes in pathsLibravatar Dirkjan Ochtman2021-07-011-49/+69
|
* Implement "if let" statementLibravatar René Kijewski2021-07-011-12/+27
|
* Use "if let Some(_)" instead of matchLibravatar René Kijewski2021-07-011-21/+18
|
* Move visit_match_params into its own methodLibravatar René Kijewski2021-07-011-38/+42
|
* Fixed loop generator when accessing field (fixes 494)Libravatar vallentin2021-06-231-0/+6
|
* Fix code generation for macro calls that store args in variables.Libravatar Ryan Kelly2021-06-221-1/+4
|