| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
Previously askama_shared exported most of it's internals, so
askama_derive could use them. This is not needed anymore.
|
| |
|
|
|
|
|
|
|
|
| |
All the hard work in askama_derive was actually done in askama_shared.
This PR removes the back-and-forth interaction between the two crates.
Now askama_derive is a single re-export of `#[derive(Template)]` which
has to be done in a proc_macro crate.
This most likely means that askama_derive is "final", unless another
derive template needs to be introduced in the future.
|
| |
|
|
|
|
|
| |
Before this PR the handling of integrations was done both by
askama_shared and askama_derive. This diff lets askama_shared do the
work. This will prevent problems like #629, when both packages might
come out of sync.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the built-in json filter had an issue that made it unsafe to
use in HTML data. When used in HTML attributes an attacker who is able
to supply an arbitrary string that should be JSON encoded could close
the containing HTML element e.g. with `"</div>"`, and write arbitrary
HTML code afterwards as long as they use apostrophes instead of
quotation marks. The programmer could make this use case safe by
explicitly escaping the JSON result: `{{data|json|escape}}`.
In a `<script>` context the json filter was not usable at all, because
in scripts HTML escaped entities are not parsed outside of XHTML
documents. Without using the safe filter an attacker could close the
current script using `"</script>"`.
This PR fixes the problem by always escaping less-than, greater-than,
ampersand, and apostrophe characters using their JSON unicode escape
sequence `\u00xx`. Unless the programmer explicitly uses the safe
filter, quotation marks are HTML encoded as `"`. In scripts the
programmer should use the safe filter, otherwise not.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Askama understands how to destructure tuples in let and match
statements, but it does not understand how to build a tuple.
This PR fixes this shortcoming.
|
| |
|
|
|
|
| |
This change allows using the operator `?` in askama expressions. It
works like the same operator in Rust: if a `Result` is `Ok`, it is
unwrapped. If it is an error, then the `render()` method fails with this
error value.
|
| |
|
|
|
| |
Instead of having `Expr::VarCall`, `Expr::PathCall` and
`Expr::MethodCall`, this PR unifies the handling of calls by removing
the former three variants, and introducing `Expr::Call`.
|
| |
|
|
|
| |
PathBuf is to String like Path is to str, so `&PathBuf` is a pointer to
a pointer. Clippy does not likes that.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
In askama_shared::generate a custom hasher for the contexts can be
given, so Heritage needs to accept the argument to.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Right now almost every expression needs to be parsed twice: `expr_any()`
first parses the left-hand side of a range expression, and if no `..`
or `..=` was found the left-hand expression is parsed again, this time
as the result of the function.
This diff removes the second parsing step by first looking for
`.. (opt rhs)`, then for `lhs .. (opt rhs)`.
|
| | |
|
| |
|
|
|
|
|
| |
Issue #527 removed the askama_iron package, but not the integration if
someone uses askama_derive's feature with "iron".
The old askama_iron crate uses askama v0.10, so it will still work.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is relatively major change to the main trait's API. For context,
I always started from the concept of monomorphized traits, but later
several contributors asked about object safety. At that point I made
`Template` object-safe, and then even later added a `SizedTemplate`
to make some things easier for people who don't need object safety.
However, having object-safety in the primary trait is bad for
performance (a substantial number of calls into the virtual `Write`
trait is relatively slow), and I don't think those who don't need
object safety should pay for the cost of having it.
Additionally, I feel using associated consts for the extension and
size hint is more idiomatic than having accessor methods. I don't
know why I didn't use these from the start -- maybe associated
consts didn't exist yet, or I didn't yet know how/when to use them.
Askama is pretty old at this point...
|
| | |
|
| | |
|
René Kijewski
Dirkjan Ochtman
René Kijewski
CrunkLord420