aboutsummaryrefslogtreecommitdiffstats
path: root/askama_shared/src (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-03-23Move handling of integrations into askama_sharedLibravatar René Kijewski2-50/+27
Before this PR the handling of integrations was done both by askama_shared and askama_derive. This diff lets askama_shared do the work. This will prevent problems like #629, when both packages might come out of sync.
2022-03-23Fix clippy warningLibravatar René Kijewski1-1/+1
2022-02-25Actix Web v4.0 is hereLibravatar René Kijewski1-4/+4
2022-02-16Make json filter safeLibravatar René Kijewski2-17/+24
Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
2022-02-09askama_mendes: upgrade mendes to 0.0.62 (#636)Libravatar Dirkjan Ochtman1-1/+1
2022-02-07Add markdown filterLibravatar René Kijewski2-3/+94
2022-02-07Enable tracking of the offending span of an errorLibravatar René Kijewski1-5/+24
2022-02-03Take reference to AST ident only onceLibravatar René Kijewski1-12/+17
2022-02-03Replace if-let with matchLibravatar René Kijewski1-4/+6
2022-02-03Replace custom Cow with actual CowLibravatar René Kijewski3-47/+42
2022-01-31Remove `panic!()` in `loop.cycle([])`Libravatar René Kijewski1-1/+1
2022-01-31Don't wrap in StrLit just to extract the str imm.Libravatar René Kijewski1-20/+4
2022-01-31Update comment in TemplateInput::new()Libravatar René Kijewski1-1/+1
2022-01-31Make is_shadowing_variable() failableLibravatar René Kijewski1-12/+24
2022-01-31Allow comments in `{% match %}` and remove panic!Libravatar René Kijewski1-19/+2
2022-01-28Parse tuple expressionsLibravatar René Kijewski2-3/+163
Askama understands how to destructure tuples in let and match statements, but it does not understand how to build a tuple. This PR fixes this shortcoming.
2022-01-28 Implement error propagation expression: `?` (#590)Libravatar René Kijewski3-6/+30
This change allows using the operator `?` in askama expressions. It works like the same operator in Rust: if a `Result` is `Ok`, it is unwrapped. If it is an error, then the `render()` method fails with this error value.
2022-01-27Unify handling of calls (#614)Libravatar René Kijewski2-145/+157
Instead of having `Expr::VarCall`, `Expr::PathCall` and `Expr::MethodCall`, this PR unifies the handling of calls by removing the former three variants, and introducing `Expr::Call`.
2022-01-24Replace `&PathBuf` with `&Path`Libravatar René Kijewski2-9/+9
PathBuf is to String like Path is to str, so `&PathBuf` is a pointer to a pointer. Clippy does not likes that.
2022-01-13Tweak attribute parsing some moreLibravatar Dirkjan Ochtman1-10/+7
2022-01-13Make sure '#[template(…)]' is given exactly onceLibravatar René Kijewski1-16/+22
2022-01-13Rename "meta" in proc_macro parserLibravatar René Kijewski1-3/+3
2022-01-12Add template argument for contexts' hasherLibravatar René Kijewski1-2/+2
In askama_shared::generate a custom hasher for the contexts can be given, so Heritage needs to accept the argument to.
2022-01-12`&Option<T>` → `Option<&T>`Libravatar René Kijewski1-3/+3
2022-01-12Fully qualify some more paths in generated codeLibravatar René Kijewski1-3/+3
2022-01-07Determine Content-Type during compilationLibravatar René Kijewski2-0/+10
2022-01-07Make TemplateInput::extension() reusableLibravatar René Kijewski1-1/+7
2022-01-07Unshadow function escaping()Libravatar René Kijewski1-3/+3
2022-01-07Move extension_to_mime_type() to askama_sharedLibravatar René Kijewski2-0/+28
2022-01-06Optimize parsing of rangesLibravatar René Kijewski1-17/+13
Right now almost every expression needs to be parsed twice: `expr_any()` first parses the left-hand side of a range expression, and if no `..` or `..=` was found the left-hand expression is parsed again, this time as the result of the function. This diff removes the second parsing step by first looking for `.. (opt rhs)`, then for `lhs .. (opt rhs)`.
2022-01-06Add `#[inline]` to trivial trait implementationsLibravatar René Kijewski1-0/+9
2022-01-06Remove the iron integration from generatorLibravatar René Kijewski2-27/+0
Issue #527 removed the askama_iron package, but not the integration if someone uses askama_derive's feature with "iron". The old askama_iron crate uses askama v0.10, so it will still work.
2022-01-06Add `#![forbid(unsafe_code)]` to all crates except askama_escapeLibravatar René Kijewski1-0/+1
2022-01-06Add `#![deny(unreachable_pub)]` to all cratesLibravatar René Kijewski1-0/+1
2022-01-06Omit implicit lifetimesLibravatar René Kijewski4-7/+7
2022-01-06Same number of repeats in macro pattern and bodyLibravatar René Kijewski1-1/+1
2022-01-06No need to build a String when it gets referenced as &str implicitlyLibravatar René Kijewski1-6/+0
2022-01-06Combine imports from the same moduleLibravatar René Kijewski1-2/+1
2022-01-05Update for actix-web betaLibravatar René Kijewski1-7/+3
2022-01-04askama_rocket: revert to rocket 0.4 for releaseLibravatar Dirkjan Ochtman1-2/+4
2022-01-04askama_actix: revert to actix-web v3 for releaseLibravatar Dirkjan Ochtman1-3/+4
2021-12-15Use a separate trait for object safety (#579)Libravatar Dirkjan Ochtman1-17/+5
This is relatively major change to the main trait's API. For context, I always started from the concept of monomorphized traits, but later several contributors asked about object safety. At that point I made `Template` object-safe, and then even later added a `SizedTemplate` to make some things easier for people who don't need object safety. However, having object-safety in the primary trait is bad for performance (a substantial number of calls into the virtual `Write` trait is relatively slow), and I don't think those who don't need object safety should pay for the cost of having it. Additionally, I feel using associated consts for the extension and size hint is more idiomatic than having accessor methods. I don't know why I didn't use these from the start -- maybe associated consts didn't exist yet, or I didn't yet know how/when to use them. Askama is pretty old at this point...
2021-12-14updated for actix-web 4.0.0-beta.14Libravatar CrunkLord4201-1/+2
2021-12-08Use char for patterns where possibleLibravatar Dirkjan Ochtman2-3/+3
2021-12-05Update axum to 0.4 (by switching to axum-core)Libravatar Michael Alyn Miller1-5/+3
2021-12-01Move askama_mendes integration into Askama repo (#561)Libravatar Dirkjan Ochtman1-2/+2
2021-11-29Allow whitespace trimming in {{raw}} blocksLibravatar René Kijewski2-18/+21
2021-11-27Add Axum integrationLibravatar Michael Alyn Miller2-0/+19
2021-11-24Simplify take_content() implementationLibravatar René Kijewski1-43/+37
2021-11-24Parse `&str` instead of `&[u8]`Libravatar René Kijewski1-132/+120
Askama's takes valid UTF-8 files as input. So why operate on byte slices instead of strings? This makes writing some functions a lot simpler.