aboutsummaryrefslogtreecommitdiffstats
path: root/book (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-04-21Add documentation for "config" parameterLibravatar Guillaume Gomez1-2/+9
2022-04-21Add documentation for suppress_whitespaceLibravatar Guillaume Gomez1-1/+28
2022-02-21Book: document markdown filterLibravatar René Kijewski1-0/+25
2022-02-21Book: add TOC to filtersLibravatar René Kijewski1-1/+48
2022-02-16Make json filter safeLibravatar René Kijewski1-25/+47
Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
2022-02-02Update README.md, sync with the bookLibravatar René Kijewski1-2/+3
2021-11-27Add Axum integrationLibravatar Michael Alyn Miller1-0/+12
2021-11-19Updated book to include optional escaper for escape filterLibravatar vallentin1-0/+22
2021-08-05Remove the askama_iron integrationLibravatar Dirkjan Ochtman1-12/+0
This web framework seems not to have been updated for quite a while, and its current version appears to depend on vulnerable crates. Remove it for now. If someone wants to fix up Iron upstream and reinstate this, I'd be happy to review your PR.
2021-03-22updated the book to describe the new paragraphbreaks filterLibravatar mbuscemi1-0/+18
2021-01-06Added missing punctuation and backticksLibravatar vallentin1-14/+16
2021-01-06Added abs filter to bookLibravatar vallentin1-0/+14
2020-12-30Updated book to include tojson aliasLibravatar vallentin1-1/+3
2020-12-26Updated book to be on par with readmeLibravatar vallentin1-6/+1
2020-12-25Updated book to include let shadowLibravatar vallentin1-1/+11
2020-12-18Updated book to include nested commentsLibravatar vallentin1-1/+10
2020-12-16Updated book to include set aliasLibravatar vallentin1-1/+3
2020-11-21Fix small wording issues in bookLibravatar Fabian Würfl1-2/+2
2020-10-26Fix links and actions which were broken since the default branch was renamed ↵Libravatar jake2-7/+7
from master to main
2020-08-25Use efficient method for nested template renderingLibravatar Dirkjan Ochtman1-2/+3
2020-07-23Fix filter docs to clarify whitespace handlingLibravatar Dirkjan Ochtman1-16/+18
2020-07-14askama tideLibravatar Jacob Rothstein1-0/+9
2020-06-30Prune duplicate documentationLibravatar Dirkjan Ochtman1-2/+2
2020-06-30Single capital in section titlesLibravatar Dirkjan Ochtman1-3/+3
2020-06-30Move optional filter documentation into filters sectionLibravatar Dirkjan Ochtman2-25/+26
2020-06-29Add myself as an authorLibravatar Dirkjan Ochtman1-1/+1
2020-06-29Initial Askama Book (#332)Libravatar cetra311-0/+1018