| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Make json filter safe |  René Kijewski | 2022-02-16 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `"`. In scripts the programmer should use the safe filter, otherwise not. | ||||
| * | Allow whitespace trimming in {{raw}} blocks | René Kijewski | 2021-11-29 | 1 | -0/+2 |
| | | |||||
| * | Add {% break %} and {% continue %} | René Kijewski | 2021-08-30 | 1 | -0/+11 |
| | | | | | | This PR adds `{% break %}` and `{% continue %}` statements to break out of a loop, or continue with the next element of the iterator. | ||||
| * | Add test case for matching on Option<bool> |  Restioson | 2021-08-25 | 1 | -0/+8 |
| | | |||||
| * | Issue #379 was fixed | René Kijewski | 2021-07-30 | 2 | -0/+28 |
| | | | | | | | | | This PR adds the tests by @msrd0 <git@msrd0.de> that failed before. The error was fixed somewhen between f23162a and now, so these tests serve to prevent regressions in the future. I simplified the tests very slightly to omit whitespaces in the output. | ||||
| * | Use "target()" to parse "when" block | René Kijewski | 2021-07-30 | 1 | -0/+10 |
| | | | | | | | | | | | | | `target()` as used in parsing "let" and "if let" implements parsing nested tuples and structs. But it does not implement parsing literals. The functions `match_variant()` and `with_parameters()` as used in parsing "when" blocks do not implement parsing nested structs, but it implements parsing literals. This PR combines `match_variant()` and `with_parameters()` into `target()`, so that all `{%when%}` support nested structs, too. | ||||
| * | Add tuple destructoring tests | René Kijewski | 2021-07-05 | 1 | -0/+3 |
| | | |||||
| * | Replace rust_macro test to work on nightly | René Kijewski | 2021-07-02 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | | | The current rust_test uses `stringify!()`. The documentation gives us the warning: > Note that the expanded results of the input tokens may change in the > future. You should be careful if you rely on the output. In the current nightly rust the result was indeed changed, so the test not fails. This PR replaces the test with another macro, that does not depend on `stringify!()`. Closes issue #504. | ||||
| * | Add "if let" tests | René Kijewski | 2021-07-01 | 4 | -0/+10 |
| | | |||||
| * | Fix code generation for macro calls that store args in variables. |  Ryan Kelly | 2021-06-22 | 1 | -0/+9 |
| | | |||||
| * | Added path and ext tests |  vallentin | 2021-03-10 | 3 | -0/+3 |
| | | |||||
| * | Added let shadow test | vallentin | 2020-12-25 | 1 | -0/+22 |
| | | |||||
| * | Improved if statement generation to avoid issues with implicit borrows (#392) | Christian Vallentin | 2020-12-01 | 1 | -0/+51 |
| | | | | | | | | * Changed to automatically coerce to bool * Added new test case * Updated test case to include else if | ||||
| * | Fixed implicit borrow of expressions (#390) |  Christian Vallentin | 2020-12-01 | 1 | -0/+9 |
| | | |||||
| * | Use efficient method for nested template rendering |  Dirkjan Ochtman | 2020-08-25 | 1 | -3/+3 |
| | | |||||
| * | Fix additional clippy issue | Dirkjan Ochtman | 2020-07-20 | 1 | -1/+1 |
| | | |||||
| * | Clean up clippy issues | Dirkjan Ochtman | 2020-07-20 | 1 | -2/+1 |
| | | |||||
| * | Add tests for allow whitespaces patch |  Ciprian Dorin Craciun | 2020-06-30 | 1 | -0/+63 |
| | | |||||
| * | Move Iron integration into a separate askama_iron crate | Dirkjan Ochtman | 2020-01-29 | 1 | -1/+0 |
| | | |||||
| * | Add new templates | Dirkjan Ochtman | 2020-01-12 | 2 | -0/+6 |
| | | |||||
| * | Support escaping in string literals |  Tuomas Siipola | 2020-01-12 | 1 | -0/+2 |
| | | | | | | | Do not attempt to parse escape sequences thoroughly. Instead let the Rust compiler to check the string literals and provide nice error messages if necessary. | ||||
| * | Support char literals | Tuomas Siipola | 2020-01-03 | 2 | -0/+9 |
| | | |||||
| * | Reformat test for better readability | Dirkjan Ochtman | 2019-10-09 | 1 | -15/+3 |
| | | |||||
| * | Limit test sensitivity to macro pretty printing output | Dirkjan Ochtman | 2019-10-09 | 1 | -14/+3 |
| | | | | | See https://github.com/rust-lang/rust/issues/65207. | ||||
| * | Add support for boolean literals |  Dave Poulter | 2019-10-08 | 1 | -0/+2 |
| | | |||||
| * | WIP: Add raw block |  Pavel Fokin | 2019-04-18 | 2 | -0/+8 |
| | | |||||
| * | Move small templates into source code | Dirkjan Ochtman | 2019-03-18 | 2 | -4/+0 |
| | | |||||
| * | Documenting feature render in template |  Vicente Ramirez Perea | 2019-03-18 | 3 | -0/+10 |
| | | |||||
| * | Add support for loop.last |  yossyJ | 2019-01-08 | 2 | -2/+2 |
| | | |||||
| * | Allow trailing commas in tuples (#188) | yossyJ | 2019-01-08 | 1 | -1/+1 |
| | | |||||
| * | Add support for tuple | yossyJ | 2019-01-04 | 2 | -0/+4 |
| | | |||||
| * | fix rust macro arguments |  Juan Aguilar Santillana | 2018-12-13 | 1 | -0/+26 |
| | | |||||
| * | Allow using brackets for enums in `match` |  mcarton | 2018-12-12 | 1 | -2/+2 |
| | | |||||
| * | Add test for unescaped variable expressions (see #132) |  Qian Linfeng | 2018-10-20 | 1 | -0/+5 |
| | | |||||
| * | Clean up warning about unused field | Dirkjan Ochtman | 2018-10-08 | 1 | -1/+1 |
| | | |||||
| * | Add Rust macro support at templates | bott | 2018-10-07 | 1 | -0/+1 |
| | | |||||
| * | fix panicked on range-based for loop | bott | 2018-09-21 | 1 | -0/+15 |
| | | |||||
| * | Fix operator preference at loop.index | bott | 2018-09-14 | 1 | -1/+1 |
| | | |||||
| * | Fix operator preference at loop.first | bott | 2018-09-14 | 1 | -0/+3 |
| | | |||||
| * | Fix deep nested imports in macro calls | bott | 2018-09-07 | 3 | -2/+8 |
| | | |||||
| * | Fix multiple nesting in macro calls into different scopes | bott | 2018-09-02 | 1 | -2/+6 |
| | | |||||
| * | Add test for nested macro calls into different scope | bott | 2018-09-02 | 2 | -0/+9 |
| | | |||||
| * | Add benchmarks to the Askama repo | Dirkjan Ochtman | 2018-06-28 | 2 | -0/+20 |
| | | |||||
| * | Add test for 'loop.first' variable | Dirkjan Ochtman | 2018-06-25 | 1 | -1/+1 |
| | | |||||
| * | Add test for range operators | Dirkjan Ochtman | 2018-06-23 | 1 | -0/+5 |
| | | |||||
| * | Add test for 'super' macro | Dirkjan Ochtman | 2018-06-22 | 1 | -0/+1 |
| | | |||||
| * | Add test for deep inheritance | Dirkjan Ochtman | 2018-06-22 | 3 | -0/+43 |
| | | |||||
| * | Forgot to add new test templates | Dirkjan Ochtman | 2018-05-21 | 2 | -0/+8 |
| | | |||||
| * | Handle a lack of whitespace after match block (fixes #76) | Dirkjan Ochtman | 2018-04-12 | 1 | -0/+1 |
| | | |||||
| * | Fix whitespace handling for include blocks (fixes #69) | Dirkjan Ochtman | 2018-04-02 | 1 | -1/+1 |
| | | |||||
 |
index : askama | |
| [no description] | git repository hosting |
| aboutsummaryrefslogtreecommitdiffstats |