liquid-autoescape 1.0.0 → 2.0.0
- checksums.yaml +5 -5
- data/README.md +14 -1
- data/lib/liquid/autoescape/liquid_ext/variable.rb +10 -3
- data/lib/liquid/autoescape/tags/autoescape.rb +20 -6
- data/lib/liquid/autoescape/version.rb +1 -1
- data/spec/functional/autoescape_tag_spec.rb +35 -2
- data/spec/spec_helper.rb +3 -0
- data/spec/unit/template_variable_spec.rb +10 -1
- metadata +6 -11
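--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: b397fc9232706426ca91710555a33c98e8db5ce0af23af26fee26cb44cfa4262
+data.tar.gz: 3edde43e61454a88ff196180681225b5683982864521dbf860c5ded2d7535cca
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7a8c6bd93a198ec3b558d60d14fe22c3ebad9bc42e85fc79f7bf0185104c8626b0530629d0f99a1934c94ccbec59f19ae80fa37a769f57cd794f1d1295c3268f
+data.tar.gz: 4261aeb4996b91225f316799bb68a914022630830515b5373ce29a53a83775e2532b057ef820e3ccd84ffde52294c37bcdabdf1e3697a9569fbcce8b9d6aa0fd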
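--- a/data/README.md
+++ b/data/README.md
@@ -7,7 +7,7 @@ referenced within it to be escaped for display in an HTML context.
 
 ## Requirements
 
-* Ruby >= 2.
+* Ruby >= 2.2
 * Liquid 2 or 3
 
 ## Basic Usage
@@ -163,3 +163,16 @@ end
 Escaped: {{ variable }}
 Not Escaped: {{ variable | skip_escape }}
 ```
+
+Additionally, autoescaping can be selectively disabled within a block when
+running in global mode:
+
+```liquid
+{% assign value = "&" %}
+
+<!-- Renders "&" -->
+{{ value }}
+
+<!-- Renders "&&" -->
+{% autoescape false %}{{ value }}{{ value }}{% endautoescape %}
+```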
@@ -20,12 +20,19 @@ module Liquid
|
|
20
20
|
# @param [Liquid::Context] context The variable's rendering context
|
21
21
|
# @return [String] The potentially escaped contents of the variable
|
22
22
|
def render(context)
|
23
|
-
|
23
|
+
is_global = Autoescape.configuration.global?
|
24
|
+
is_local = context[Autoescape::ENABLED_FLAG]
|
25
|
+
|
26
|
+
if !is_global && !is_local
|
24
27
|
return non_escaping_render(context)
|
25
28
|
end
|
26
29
|
|
27
|
-
|
28
|
-
|
30
|
+
if is_global && is_local == false
|
31
|
+
is_exempt = true
|
32
|
+
else
|
33
|
+
variable = Autoescape::TemplateVariable.from_liquid_variable(self)
|
34
|
+
is_exempt = Autoescape.configuration.exemptions.apply?(variable)
|
35
|
+
end
|
29
36
|
|
30
37
|
@filters << [:escape, []] unless is_exempt
|
31
38
|
output = non_escaping_render(context)
|
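Review bot: `is_local` is effectively tri-state (nil when no block is open, otherwise whatever the enclosing `{% autoescape %}` tag stored), but the two new conditions read it differently and nothing in the hunk says so: `!is_local` accepts any falsy value, while `is_local == false` accepts only the literal `false`. I would add a comment above the two assignments, for example `# is_local: nil when no autoescape block is open; only a literal false opts out of global mode`. The YARD block above `render` should also state that global mode is no longer unconditional, since any template can now wrap output in `{% autoescape false %}`; where template authors are less trusted than the application, that opt-out may deserve a configuration switch. `render` continues past the end of this hunk.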
@@ -11,7 +11,7 @@ module Liquid
|
|
11
11
|
# Any variables that should be exempt from escaping should have the
|
12
12
|
# +skip_escape+ filter applied to them.
|
13
13
|
#
|
14
|
-
# @example
|
14
|
+
# @example Default usage
|
15
15
|
# {% assign untrusted = "<script>window.reload();</script>" %}
|
16
16
|
# {% assign trusted = "<strong>Text</strong>" %}
|
17
17
|
#
|
@@ -19,19 +19,33 @@ module Liquid
|
|
19
19
|
# {{ untrusted }}
|
20
20
|
# {{ trusted | skip_escape }}
|
21
21
|
# {% endautoescape %}
|
22
|
+
#
|
23
|
+
# @example Controlling whether escaping is applied
|
24
|
+
# {% assign value = "&" %}
|
25
|
+
#
|
26
|
+
# <!-- Renders "&" -->
|
27
|
+
# {% autoescape true %}{{ value }}{% endautoescape %}
|
28
|
+
#
|
29
|
+
# <!-- Renders "&" -->
|
30
|
+
# {% autoescape false %}{{ value }}{% endautoescape %}
|
22
31
|
class Autoescape < Block
|
23
32
|
|
24
|
-
|
25
|
-
|
26
|
-
raise SyntaxError, "Syntax Error in 'autoescape' - Valid syntax: {% autoescape %}"
|
27
|
-
end
|
33
|
+
SYNTAX = /^(#{QuotedFragment})?\s+?$/.freeze
|
34
|
+
private_constant :SYNTAX
|
28
35
|
|
36
|
+
def initialize(tag_name, markup, tokens)
|
29
37
|
super
|
38
|
+
|
39
|
+
if markup =~ SYNTAX
|
40
|
+
@autoescape_flag = $1
|
41
|
+
elsif !markup.empty?
|
42
|
+
raise SyntaxError, "Syntax Error in 'autoescape' - Valid syntax: {% autoescape [true|false] %}"
|
43
|
+
end
|
30
44
|
end
|
31
45
|
|
32
46
|
def render(context)
|
33
47
|
context.stack do
|
34
|
-
context[ENABLED_FLAG] = true
|
48
|
+
context[ENABLED_FLAG] = @autoescape_flag ? context[@autoescape_flag] : true
|
35
49
|
super
|
36
50
|
end
|
37
51
|
end
|
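Review bot: In `render`, the value of `context[@autoescape_flag]` is stored as-is, so a flag variable that is misspelled or absent from the render context yields `nil`, and outside global mode the variable renderer in this release treats a falsy flag as "not enabled" and skips escaping for the whole block. A tag whose purpose is to switch escaping on should fail closed, which treating only an explicit `false` as the opt-out would do: `context[ENABLED_FLAG] = @autoescape_flag ? context[@autoescape_flag] != false : true`. Separately, `SYNTAX` anchors with `^` and `$`, which match per line in Ruby, so markup containing a newline can match on its last line alone. `\A` and `\z` would validate the whole markup string.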
@@ -77,8 +77,33 @@ describe "{% autoescape %}" do
|
|
77
77
|
)
|
78
78
|
end
|
79
79
|
|
80
|
-
it "
|
81
|
-
|
80
|
+
it "supports explicit enabling" do
|
81
|
+
verify_template_output(
|
82
|
+
"{% autoescape true %}{{ variable }}{% endautoescape %}",
|
83
|
+
"&",
|
84
|
+
"variable" => "&"
|
85
|
+
)
|
86
|
+
end
|
87
|
+
|
88
|
+
it "supports explicit disabling" do
|
89
|
+
verify_template_output(
|
90
|
+
"{% autoescape false %}{{ variable }}{% endautoescape %}",
|
91
|
+
"&",
|
92
|
+
"variable" => "&"
|
93
|
+
)
|
94
|
+
end
|
95
|
+
|
96
|
+
it "supports reading the autoescaping state from a variable" do
|
97
|
+
verify_template_output(
|
98
|
+
"{% autoescape escape %}{{ variable }}{% endautoescape %}",
|
99
|
+
"&",
|
100
|
+
"escape" => true,
|
101
|
+
"variable" => "&"
|
102
|
+
)
|
103
|
+
end
|
104
|
+
|
105
|
+
it "raises an error when called with multiple arguments" do
|
106
|
+
invalid = "{% autoescape one two %}{% endautoescape %}"
|
82
107
|
expect { Liquid::Template.parse(invalid) }.to raise_error(Liquid::SyntaxError)
|
83
108
|
end
|
84
109
|
|
@@ -118,6 +143,14 @@ describe "{% autoescape %}" do
|
|
118
143
|
)
|
119
144
|
end
|
120
145
|
|
146
|
+
it "supports opting out of autoescaping within a block" do
|
147
|
+
verify_template_output(
|
148
|
+
"{{ variable }}{% autoescape false %}{{ variable }}{{ variable }}{% endautoescape %}",
|
149
|
+
"&&&",
|
150
|
+
"variable" => "&"
|
151
|
+
)
|
152
|
+
end
|
153
|
+
|
121
154
|
end
|
122
155
|
|
123
156
|
context "with custom exemptions" do
|
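Review bot: The example "supports reading the autoescaping state from a variable" only exercises `"escape" => true`, so no example here pins down what happens when the flag variable is `false`, undefined, or a non-boolean such as the string "false". Those are the inputs that decide whether a block is rendered unescaped, so I would add one example per case with the expected output spelled out, for instance `it "handles an undefined flag variable" do`. The enclosing `describe` block starts and ends outside these hunks.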
data/spec/spec_helper.rb
ADDED
@@ -27,7 +27,16 @@ module Liquid
|
|
27
27
|
|
28
28
|
describe ".from_liquid_variable" do
|
29
29
|
|
30
|
-
let(:liquid_variable)
|
30
|
+
let(:liquid_variable) do
|
31
|
+
args = [variable_name]
|
32
|
+
|
33
|
+
if defined?(Liquid::ParseContext)
|
34
|
+
args << Liquid::ParseContext.new
|
35
|
+
end
|
36
|
+
|
37
|
+
Liquid::Variable.new(*args)
|
38
|
+
end
|
39
|
+
|
31
40
|
let(:variable_name) { nil }
|
32
41
|
|
33
42
|
let(:wrapper) { TemplateVariable.from_liquid_variable(liquid_variable) }
|
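--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: liquid-autoescape
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Within3
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2019-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: liquid
@@ -17,9 +17,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '2.0'
-- - "<"
-- !ruby/object:Gem::Version
-version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -27,9 +24,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '2.0'
-- - "<"
-- !ruby/object:Gem::Version
-version: '4.0'
 - !ruby/object:Gem::Dependency
 name: appraisal
 requirement: !ruby/object:Gem::Requirement
@@ -121,6 +115,7 @@ files:
 - lib/liquid/autoescape/template_variable.rb
 - lib/liquid/autoescape/version.rb
 - spec/functional/autoescape_tag_spec.rb
+- spec/spec_helper.rb
 - spec/unit/autoescape_spec.rb
 - spec/unit/configuration_spec.rb
 - spec/unit/core_exemptions_spec.rb
@@ -139,19 +134,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.5.1
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Autoescape support for Liquid
 test_files:
+- spec/spec_helper.rb
 - spec/unit/core_exemptions_spec.rb
 - spec/unit/configuration_spec.rb
 - spec/unit/autoescape_spec.rb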
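Review bot: The removed `- - "<"` / `version: '4.0'` pairs drop the upper bound on the `liquid` runtime dependency, so the gem now resolves against any Liquid release at or above 2.0, while the README in this same release still lists "Liquid 2 or 3". The variable renderer in this release appends to `@filters`, which appears to be internal state of Liquid's own variable class. If a later Liquid major changes that structure, output could presumably go unescaped without any error being raised. I would either keep a pessimistic upper bound in the gemspec (not shown on this page) or update the README requirement line to name the Liquid majors the test matrix actually covers.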