liquid-autoescape 1.0.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +14 -1
- data/lib/liquid/autoescape/liquid_ext/variable.rb +10 -3
- data/lib/liquid/autoescape/tags/autoescape.rb +20 -6
- data/lib/liquid/autoescape/version.rb +1 -1
- data/spec/functional/autoescape_tag_spec.rb +35 -2
- data/spec/spec_helper.rb +3 -0
- data/spec/unit/template_variable_spec.rb +10 -1
- metadata +6 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: b397fc9232706426ca91710555a33c98e8db5ce0af23af26fee26cb44cfa4262
|
|
4
|
+
data.tar.gz: 3edde43e61454a88ff196180681225b5683982864521dbf860c5ded2d7535cca
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7a8c6bd93a198ec3b558d60d14fe22c3ebad9bc42e85fc79f7bf0185104c8626b0530629d0f99a1934c94ccbec59f19ae80fa37a769f57cd794f1d1295c3268f
|
|
7
|
+
data.tar.gz: 4261aeb4996b91225f316799bb68a914022630830515b5373ce29a53a83775e2532b057ef820e3ccd84ffde52294c37bcdabdf1e3697a9569fbcce8b9d6aa0fd
|
data/README.md
CHANGED
|
@@ -7,7 +7,7 @@ referenced within it to be escaped for display in an HTML context.
|
|
|
7
7
|
|
|
8
8
|
## Requirements
|
|
9
9
|
|
|
10
|
-
* Ruby >= 2.
|
|
10
|
+
* Ruby >= 2.2
|
|
11
11
|
* Liquid 2 or 3
|
|
12
12
|
|
|
13
13
|
## Basic Usage
|
|
@@ -163,3 +163,16 @@ end
|
|
|
163
163
|
Escaped: {{ variable }}
|
|
164
164
|
Not Escaped: {{ variable | skip_escape }}
|
|
165
165
|
```
|
|
166
|
+
|
|
167
|
+
Additionally, autoescaping can be selectively disabled within a block when
|
|
168
|
+
running in global mode:
|
|
169
|
+
|
|
170
|
+
```liquid
|
|
171
|
+
{% assign value = "&" %}
|
|
172
|
+
|
|
173
|
+
<!-- Renders "&" -->
|
|
174
|
+
{{ value }}
|
|
175
|
+
|
|
176
|
+
<!-- Renders "&&" -->
|
|
177
|
+
{% autoescape false %}{{ value }}{{ value }}{% endautoescape %}
|
|
178
|
+
```
|
|
@@ -20,12 +20,19 @@ module Liquid
|
|
|
20
20
|
# @param [Liquid::Context] context The variable's rendering context
|
|
21
21
|
# @return [String] The potentially escaped contents of the variable
|
|
22
22
|
def render(context)
|
|
23
|
-
|
|
23
|
+
is_global = Autoescape.configuration.global?
|
|
24
|
+
is_local = context[Autoescape::ENABLED_FLAG]
|
|
25
|
+
|
|
26
|
+
if !is_global && !is_local
|
|
24
27
|
return non_escaping_render(context)
|
|
25
28
|
end
|
|
26
29
|
|
|
27
|
-
|
|
28
|
-
|
|
30
|
+
if is_global && is_local == false
|
|
31
|
+
is_exempt = true
|
|
32
|
+
else
|
|
33
|
+
variable = Autoescape::TemplateVariable.from_liquid_variable(self)
|
|
34
|
+
is_exempt = Autoescape.configuration.exemptions.apply?(variable)
|
|
35
|
+
end
|
|
29
36
|
|
|
30
37
|
@filters << [:escape, []] unless is_exempt
|
|
31
38
|
output = non_escaping_render(context)
|
|
@@ -11,7 +11,7 @@ module Liquid
|
|
|
11
11
|
# Any variables that should be exempt from escaping should have the
|
|
12
12
|
# +skip_escape+ filter applied to them.
|
|
13
13
|
#
|
|
14
|
-
# @example
|
|
14
|
+
# @example Default usage
|
|
15
15
|
# {% assign untrusted = "<script>window.reload();</script>" %}
|
|
16
16
|
# {% assign trusted = "<strong>Text</strong>" %}
|
|
17
17
|
#
|
|
@@ -19,19 +19,33 @@ module Liquid
|
|
|
19
19
|
# {{ untrusted }}
|
|
20
20
|
# {{ trusted | skip_escape }}
|
|
21
21
|
# {% endautoescape %}
|
|
22
|
+
#
|
|
23
|
+
# @example Controlling whether escaping is applied
|
|
24
|
+
# {% assign value = "&" %}
|
|
25
|
+
#
|
|
26
|
+
# <!-- Renders "&" -->
|
|
27
|
+
# {% autoescape true %}{{ value }}{% endautoescape %}
|
|
28
|
+
#
|
|
29
|
+
# <!-- Renders "&" -->
|
|
30
|
+
# {% autoescape false %}{{ value }}{% endautoescape %}
|
|
22
31
|
class Autoescape < Block
|
|
23
32
|
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
raise SyntaxError, "Syntax Error in 'autoescape' - Valid syntax: {% autoescape %}"
|
|
27
|
-
end
|
|
33
|
+
SYNTAX = /^(#{QuotedFragment})?\s+?$/.freeze
|
|
34
|
+
private_constant :SYNTAX
|
|
28
35
|
|
|
36
|
+
def initialize(tag_name, markup, tokens)
|
|
29
37
|
super
|
|
38
|
+
|
|
39
|
+
if markup =~ SYNTAX
|
|
40
|
+
@autoescape_flag = $1
|
|
41
|
+
elsif !markup.empty?
|
|
42
|
+
raise SyntaxError, "Syntax Error in 'autoescape' - Valid syntax: {% autoescape [true|false] %}"
|
|
43
|
+
end
|
|
30
44
|
end
|
|
31
45
|
|
|
32
46
|
def render(context)
|
|
33
47
|
context.stack do
|
|
34
|
-
context[ENABLED_FLAG] = true
|
|
48
|
+
context[ENABLED_FLAG] = @autoescape_flag ? context[@autoescape_flag] : true
|
|
35
49
|
super
|
|
36
50
|
end
|
|
37
51
|
end
|
|
@@ -77,8 +77,33 @@ describe "{% autoescape %}" do
|
|
|
77
77
|
)
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
-
it "
|
|
81
|
-
|
|
80
|
+
it "supports explicit enabling" do
|
|
81
|
+
verify_template_output(
|
|
82
|
+
"{% autoescape true %}{{ variable }}{% endautoescape %}",
|
|
83
|
+
"&",
|
|
84
|
+
"variable" => "&"
|
|
85
|
+
)
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
it "supports explicit disabling" do
|
|
89
|
+
verify_template_output(
|
|
90
|
+
"{% autoescape false %}{{ variable }}{% endautoescape %}",
|
|
91
|
+
"&",
|
|
92
|
+
"variable" => "&"
|
|
93
|
+
)
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
it "supports reading the autoescaping state from a variable" do
|
|
97
|
+
verify_template_output(
|
|
98
|
+
"{% autoescape escape %}{{ variable }}{% endautoescape %}",
|
|
99
|
+
"&",
|
|
100
|
+
"escape" => true,
|
|
101
|
+
"variable" => "&"
|
|
102
|
+
)
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
it "raises an error when called with multiple arguments" do
|
|
106
|
+
invalid = "{% autoescape one two %}{% endautoescape %}"
|
|
82
107
|
expect { Liquid::Template.parse(invalid) }.to raise_error(Liquid::SyntaxError)
|
|
83
108
|
end
|
|
84
109
|
|
|
@@ -118,6 +143,14 @@ describe "{% autoescape %}" do
|
|
|
118
143
|
)
|
|
119
144
|
end
|
|
120
145
|
|
|
146
|
+
it "supports opting out of autoescaping within a block" do
|
|
147
|
+
verify_template_output(
|
|
148
|
+
"{{ variable }}{% autoescape false %}{{ variable }}{{ variable }}{% endautoescape %}",
|
|
149
|
+
"&&&",
|
|
150
|
+
"variable" => "&"
|
|
151
|
+
)
|
|
152
|
+
end
|
|
153
|
+
|
|
121
154
|
end
|
|
122
155
|
|
|
123
156
|
context "with custom exemptions" do
|
data/spec/spec_helper.rb
ADDED
|
@@ -27,7 +27,16 @@ module Liquid
|
|
|
27
27
|
|
|
28
28
|
describe ".from_liquid_variable" do
|
|
29
29
|
|
|
30
|
-
let(:liquid_variable)
|
|
30
|
+
let(:liquid_variable) do
|
|
31
|
+
args = [variable_name]
|
|
32
|
+
|
|
33
|
+
if defined?(Liquid::ParseContext)
|
|
34
|
+
args << Liquid::ParseContext.new
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
Liquid::Variable.new(*args)
|
|
38
|
+
end
|
|
39
|
+
|
|
31
40
|
let(:variable_name) { nil }
|
|
32
41
|
|
|
33
42
|
let(:wrapper) { TemplateVariable.from_liquid_variable(liquid_variable) }
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: liquid-autoescape
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Within3
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-03-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: liquid
|
|
@@ -17,9 +17,6 @@ dependencies:
|
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '2.0'
|
|
20
|
-
- - "<"
|
|
21
|
-
- !ruby/object:Gem::Version
|
|
22
|
-
version: '4.0'
|
|
23
20
|
type: :runtime
|
|
24
21
|
prerelease: false
|
|
25
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -27,9 +24,6 @@ dependencies:
|
|
|
27
24
|
- - ">="
|
|
28
25
|
- !ruby/object:Gem::Version
|
|
29
26
|
version: '2.0'
|
|
30
|
-
- - "<"
|
|
31
|
-
- !ruby/object:Gem::Version
|
|
32
|
-
version: '4.0'
|
|
33
27
|
- !ruby/object:Gem::Dependency
|
|
34
28
|
name: appraisal
|
|
35
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -121,6 +115,7 @@ files:
|
|
|
121
115
|
- lib/liquid/autoescape/template_variable.rb
|
|
122
116
|
- lib/liquid/autoescape/version.rb
|
|
123
117
|
- spec/functional/autoescape_tag_spec.rb
|
|
118
|
+
- spec/spec_helper.rb
|
|
124
119
|
- spec/unit/autoescape_spec.rb
|
|
125
120
|
- spec/unit/configuration_spec.rb
|
|
126
121
|
- spec/unit/core_exemptions_spec.rb
|
|
@@ -139,19 +134,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
139
134
|
requirements:
|
|
140
135
|
- - ">="
|
|
141
136
|
- !ruby/object:Gem::Version
|
|
142
|
-
version: 2.
|
|
137
|
+
version: '2.2'
|
|
143
138
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
144
139
|
requirements:
|
|
145
140
|
- - ">="
|
|
146
141
|
- !ruby/object:Gem::Version
|
|
147
142
|
version: '0'
|
|
148
143
|
requirements: []
|
|
149
|
-
|
|
150
|
-
rubygems_version: 2.5.1
|
|
144
|
+
rubygems_version: 3.0.3
|
|
151
145
|
signing_key:
|
|
152
146
|
specification_version: 4
|
|
153
147
|
summary: Autoescape support for Liquid
|
|
154
148
|
test_files:
|
|
149
|
+
- spec/spec_helper.rb
|
|
155
150
|
- spec/unit/core_exemptions_spec.rb
|
|
156
151
|
- spec/unit/configuration_spec.rb
|
|
157
152
|
- spec/unit/autoescape_spec.rb
|