path: root/askama_shared
Date | Commit message | Author | Files | Lines
2022-02-16 | Increment patch versions of askama_{shared,escape} | René Kijewski | 1 | -1/+1
2022-02-16 | Make json filter safe | René Kijewski | 3 | -18/+25
Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
2022-02-09 | askama_mendes: upgrade mendes to 0.0.62 (#636) | Dirkjan Ochtman | 1 | -1/+1
2022-02-07 | Add markdown filter | René Kijewski | 3 | -3/+96
2022-02-07 | Enable tracking of the offending span of an error | René Kijewski | 1 | -5/+24
2022-02-03 | Take reference to AST ident only once | René Kijewski | 1 | -12/+17
2022-02-03 | Replace if-let with match | René Kijewski | 1 | -4/+6
2022-02-03 | Replace custom Cow with actual Cow | René Kijewski | 3 | -47/+42
2022-01-31 | Remove used optional dependency | René Kijewski | 1 | -1/+0
2022-01-31 | Remove `panic!()` in `loop.cycle([])` | René Kijewski | 1 | -1/+1
2022-01-31 | Don't wrap in StrLit just to extract the str imm. | René Kijewski | 1 | -20/+4
2022-01-31 | Update comment in TemplateInput::new() | René Kijewski | 1 | -1/+1
2022-01-31 | Make is_shadowing_variable() failable | René Kijewski | 1 | -12/+24
2022-01-31 | Allow comments in `{% match %}` and remove panic! | René Kijewski | 1 | -19/+2
2022-01-28 | Parse tuple expressions | René Kijewski | 2 | -3/+163
Askama understands how to destructure tuples in let and match statements, but it does not understand how to build a tuple. This PR fixes this shortcoming.
2022-01-28 | Implement error propagation expression: `?` (#590) | René Kijewski | 3 | -6/+30
This change allows using the operator `?` in askama expressions. It works like the same operator in Rust: if a `Result` is `Ok`, it is unwrapped. If it is an error, then the `render()` method fails with this error value.
2022-01-27 | Unify handling of calls (#614) | René Kijewski | 2 | -145/+157
Instead of having `Expr::VarCall`, `Expr::PathCall` and `Expr::MethodCall`, this PR unifies the handling of calls by removing the former three variants, and introducing `Expr::Call`.
2022-01-24 | Replace `&PathBuf` with `&Path` | René Kijewski | 2 | -9/+9
PathBuf is to String like Path is to str, so `&PathBuf` is a pointer to a pointer. Clippy does not like that.
2022-01-13 | Tweak attribute parsing some more | Dirkjan Ochtman | 1 | -10/+7
2022-01-13 | Make sure '#[template(…)]' is given exactly once | René Kijewski | 1 | -16/+22
2022-01-13 | Rename "meta" in proc_macro parser | René Kijewski | 1 | -3/+3
2022-01-12 | Add template argument for contexts' hasher | René Kijewski | 1 | -2/+2
In askama_shared::generate a custom hasher for the contexts can be given, so Heritage needs to accept the argument too.
2022-01-12 | `&Option<T>` → `Option<&T>` | René Kijewski | 1 | -3/+3
2022-01-12 | Fully qualify some more paths in generated code | René Kijewski | 1 | -3/+3
2022-01-07 | Determine Content-Type during compilation | René Kijewski | 2 | -0/+10
2022-01-07 | Make TemplateInput::extension() reusable | René Kijewski | 1 | -1/+7
2022-01-07 | Unshadow function escaping() | René Kijewski | 1 | -3/+3
2022-01-07 | Move extension_to_mime_type() to askama_shared | René Kijewski | 3 | -0/+30
2022-01-06 | Optimize parsing of ranges | René Kijewski | 1 | -17/+13
Right now almost every expression needs to be parsed twice: `expr_any()` first parses the left-hand side of a range expression, and if no `..` or `..=` was found the left-hand expression is parsed again, this time as the result of the function. This diff removes the second parsing step by first looking for `.. (opt rhs)`, then for `lhs .. (opt rhs)`.
2022-01-06 | Add `#[inline]` to trivial trait implementations | René Kijewski | 1 | -0/+9
2022-01-06 | Remove the iron integration from generator | René Kijewski | 2 | -27/+0
Issue #527 removed the askama_iron package, but not the integration if someone uses askama_derive's feature with "iron". The old askama_iron crate uses askama v0.10, so it will still work.
2022-01-06 | Add `#![forbid(unsafe_code)]` to all crates except askama_escape | René Kijewski | 1 | -0/+1
2022-01-06 | Add `#![deny(unreachable_pub)]` to all crates | René Kijewski | 1 | -0/+1
2022-01-06 | Omit implicit lifetimes | René Kijewski | 4 | -7/+7
2022-01-06 | Same number of repeats in macro pattern and body | René Kijewski | 1 | -1/+1
2022-01-06 | No need to build a String when it gets referenced as &str implicitly | René Kijewski | 1 | -6/+0
2022-01-06 | Combine imports from the same module | René Kijewski | 1 | -2/+1
2022-01-05 | Update for actix-web beta | René Kijewski | 1 | -7/+3
2022-01-04 | Bump version number for askama_shared | Dirkjan Ochtman | 1 | -1/+1
2022-01-04 | askama_rocket: revert to rocket 0.4 for release | Dirkjan Ochtman | 1 | -2/+4
2022-01-04 | askama_actix: revert to actix-web v3 for release | Dirkjan Ochtman | 1 | -3/+4
2021-12-15 | Use a separate trait for object safety (#579) | Dirkjan Ochtman | 1 | -17/+5
This is a relatively major change to the main trait's API. For context, I always started from the concept of monomorphized traits, but later several contributors asked about object safety. At that point I made `Template` object-safe, and then even later added a `SizedTemplate` to make some things easier for people who don't need object safety. However, having object-safety in the primary trait is bad for performance (a substantial number of calls into the virtual `Write` trait is relatively slow), and I don't think those who don't need object safety should pay for the cost of having it. Additionally, I feel using associated consts for the extension and size hint is more idiomatic than having accessor methods. I don't know why I didn't use these from the start -- maybe associated consts didn't exist yet, or I didn't yet know how/when to use them. Askama is pretty old at this point...
2021-12-14 | updated for actix-web 4.0.0-beta.14 | CrunkLord420 | 1 | -1/+2
2021-12-08 | Use char for patterns where possible | Dirkjan Ochtman | 2 | -3/+3
2021-12-05 | Update axum to 0.4 (by switching to axum-core) | Michael Alyn Miller | 1 | -5/+3
2021-12-01 | Move askama_mendes integration into Askama repo (#561) | Dirkjan Ochtman | 1 | -2/+2
2021-11-29 | Allow whitespace trimming in {{raw}} blocks | René Kijewski | 2 | -18/+21
2021-11-27 | Add Axum integration | Michael Alyn Miller | 2 | -0/+19
2021-11-24 | Bump version numbers | Dirkjan Ochtman | 1 | -2/+2
2021-11-24 | Remove authors from Cargo metadata (see RFC 3052) | Dirkjan Ochtman | 1 | -1/+0