path: root/askama_shared
Commit message (Author, Age, Files, Lines)
* Make json filter safe (René Kijewski, 2022-02-16, 3 files, -18/+25)
| Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`.
|
| In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`.
|
| This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
* askama_mendes: upgrade mendes to 0.0.62 (#636) (Dirkjan Ochtman, 2022-02-09, 1 file, -1/+1)
|
* Add markdown filter (René Kijewski, 2022-02-07, 3 files, -3/+96)
|
* Enable tracking of the offending span of an error (René Kijewski, 2022-02-07, 1 file, -5/+24)
|
* Take reference to AST ident only once (René Kijewski, 2022-02-03, 1 file, -12/+17)
|
* Replace if-let with match (René Kijewski, 2022-02-03, 1 file, -4/+6)
|
* Replace custom Cow with actual Cow (René Kijewski, 2022-02-03, 3 files, -47/+42)
|
* Remove used optional dependency (René Kijewski, 2022-01-31, 1 file, -1/+0)
|
* Remove `panic!()` in `loop.cycle([])` (René Kijewski, 2022-01-31, 1 file, -1/+1)
|
* Don't wrap in StrLit just to extract the str imm. (René Kijewski, 2022-01-31, 1 file, -20/+4)
|
* Update comment in TemplateInput::new() (René Kijewski, 2022-01-31, 1 file, -1/+1)
|
* Make is_shadowing_variable() failable (René Kijewski, 2022-01-31, 1 file, -12/+24)
|
* Allow comments in `{% match %}` and remove panic! (René Kijewski, 2022-01-31, 1 file, -19/+2)
|
* Parse tuple expressions (René Kijewski, 2022-01-28, 2 files, -3/+163)
| Askama understands how to destructure tuples in let and match statements, but it does not understand how to build a tuple. This PR fixes this shortcoming.
* Implement error propagation expression: `?` (#590) (René Kijewski, 2022-01-28, 3 files, -6/+30)
| This change allows using the operator `?` in askama expressions. It works like the same operator in Rust: if a `Result` is `Ok`, it is unwrapped. If it is an error, then the `render()` method fails with this error value.
* Unify handling of calls (#614) (René Kijewski, 2022-01-27, 2 files, -145/+157)
| Instead of having `Expr::VarCall`, `Expr::PathCall` and `Expr::MethodCall`, this PR unifies the handling of calls by removing the former three variants, and introducing `Expr::Call`.
* Replace `&PathBuf` with `&Path` (René Kijewski, 2022-01-24, 2 files, -9/+9)
| PathBuf is to String like Path is to str, so `&PathBuf` is a pointer to a pointer. Clippy does not like that.
* Tweak attribute parsing some more (Dirkjan Ochtman, 2022-01-13, 1 file, -10/+7)
|
* Make sure '#[template(…)]' is given exactly once (René Kijewski, 2022-01-13, 1 file, -16/+22)
|
* Rename "meta" in proc_macro parser (René Kijewski, 2022-01-13, 1 file, -3/+3)
|
* Add template argument for contexts' hasher (René Kijewski, 2022-01-12, 1 file, -2/+2)
| In askama_shared::generate a custom hasher for the contexts can be given, so Heritage needs to accept the argument too.
* `&Option<T>` → `Option<&T>` (René Kijewski, 2022-01-12, 1 file, -3/+3)
|
* Fully qualify some more paths in generated code (René Kijewski, 2022-01-12, 1 file, -3/+3)
|
* Determine Content-Type during compilation (René Kijewski, 2022-01-07, 2 files, -0/+10)
|
* Make TemplateInput::extension() reusable (René Kijewski, 2022-01-07, 1 file, -1/+7)
|
* Unshadow function escaping() (René Kijewski, 2022-01-07, 1 file, -3/+3)
|
* Move extension_to_mime_type() to askama_shared (René Kijewski, 2022-01-07, 3 files, -0/+30)
|
* Optimize parsing of ranges (René Kijewski, 2022-01-06, 1 file, -17/+13)
| Right now almost every expression needs to be parsed twice: `expr_any()` first parses the left-hand side of a range expression, and if no `..` or `..=` was found the left-hand expression is parsed again, this time as the result of the function.
|
| This diff removes the second parsing step by first looking for `.. (opt rhs)`, then for `lhs .. (opt rhs)`.
* Add `#[inline]` to trivial trait implementations (René Kijewski, 2022-01-06, 1 file, -0/+9)
|
* Remove the iron integration from generator (René Kijewski, 2022-01-06, 2 files, -27/+0)
| Issue #527 removed the askama_iron package, but not the integration if someone uses askama_derive's feature with "iron". The old askama_iron crate uses askama v0.10, so it will still work.
* Add `#![forbid(unsafe_code)]` to all crates except askama_escape (René Kijewski, 2022-01-06, 1 file, -0/+1)
|
* Add `#![deny(unreachable_pub)]` to all crates (René Kijewski, 2022-01-06, 1 file, -0/+1)
|
* Omit implicit lifetimes (René Kijewski, 2022-01-06, 4 files, -7/+7)
|
* Same number of repeats in macro pattern and body (René Kijewski, 2022-01-06, 1 file, -1/+1)
|
* No need to build a String when it gets referenced as &str implicitly (René Kijewski, 2022-01-06, 1 file, -6/+0)
|
* Combine imports from the same module (René Kijewski, 2022-01-06, 1 file, -2/+1)
|
* Update for actix-web beta (René Kijewski, 2022-01-05, 1 file, -7/+3)
|
* Bump version number for askama_shared (Dirkjan Ochtman, 2022-01-04, 1 file, -1/+1)
|
* askama_rocket: revert to rocket 0.4 for release (Dirkjan Ochtman, 2022-01-04, 1 file, -2/+4)
|
* askama_actix: revert to actix-web v3 for release (Dirkjan Ochtman, 2022-01-04, 1 file, -3/+4)
|
* Use a separate trait for object safety (#579) (Dirkjan Ochtman, 2021-12-15, 1 file, -17/+5)
| This is a relatively major change to the main trait's API. For context, I always started from the concept of monomorphized traits, but later several contributors asked about object safety. At that point I made `Template` object-safe, and then even later added a `SizedTemplate` to make some things easier for people who don't need object safety.
|
| However, having object-safety in the primary trait is bad for performance (a substantial number of calls into the virtual `Write` trait is relatively slow), and I don't think those who don't need object safety should pay for the cost of having it.
|
| Additionally, I feel using associated consts for the extension and size hint is more idiomatic than having accessor methods. I don't know why I didn't use these from the start -- maybe associated consts didn't exist yet, or I didn't yet know how/when to use them. Askama is pretty old at this point...
* updated for actix-web 4.0.0-beta.14 (CrunkLord420, 2021-12-14, 1 file, -1/+2)
|
* Use char for patterns where possible (Dirkjan Ochtman, 2021-12-08, 2 files, -3/+3)
|
* Update axum to 0.4 (by switching to axum-core) (Michael Alyn Miller, 2021-12-05, 1 file, -5/+3)
|
* Move askama_mendes integration into Askama repo (#561) (Dirkjan Ochtman, 2021-12-01, 1 file, -2/+2)
|
* Merge pull request #562 from djc/prepare-0.12 (René Kijewski, 2021-11-30, 1 file, -3/+2)
|\
| | Prepare 0.12
| * Bump version numbers (Dirkjan Ochtman, 2021-11-24, 1 file, -2/+2)
| |
| * Remove authors from Cargo metadata (see RFC 3052) (Dirkjan Ochtman, 2021-11-24, 1 file, -1/+0)
| |
* | Allow whitespace trimming in {{raw}} blocks (René Kijewski, 2021-11-29, 2 files, -18/+21)
| |
* | Add Axum integration (Michael Alyn Miller, 2021-11-27, 2 files, -0/+19)
|/