liquid-autoescape 2.0.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b397fc9232706426ca91710555a33c98e8db5ce0af23af26fee26cb44cfa4262
-  data.tar.gz: 3edde43e61454a88ff196180681225b5683982864521dbf860c5ded2d7535cca
+  metadata.gz: 46da4857eefb1fa19dfbfca0f73cb03e7869e6cfe2ffbf2dce80d3a0b49b78f5
+  data.tar.gz: 2700c5d7f303d09f3ac2f6a0b4160e7f11a86920e09b8dec0d08b61684239d4a
 SHA512:
-  metadata.gz: 7a8c6bd93a198ec3b558d60d14fe22c3ebad9bc42e85fc79f7bf0185104c8626b0530629d0f99a1934c94ccbec59f19ae80fa37a769f57cd794f1d1295c3268f
-  data.tar.gz: 4261aeb4996b91225f316799bb68a914022630830515b5373ce29a53a83775e2532b057ef820e3ccd84ffde52294c37bcdabdf1e3697a9569fbcce8b9d6aa0fd
+  metadata.gz: ec72a9037fef0ad0fdc43a8ff93d0cc9b5257a8ac223cc24878b4c0304805a7b2ada9fb1dce16101b5d06be2eaa7528e9364539eb013b0ff2065b06abfe056df
+  data.tar.gz: 6b4e20285bbdbbaa132af2bf8026df09c19e8d4bc0d0cb12c0072ce4a4c3ceb3ca4d08fce4faa133e69322c5683fa75f0576be4a464cbec1bc72e18f19b020f2

data/README.md

@@ -3,12 +3,14 @@
 [![Build Status](https://travis-ci.org/Within3/liquid-autoescape.svg)](https://travis-ci.org/Within3/liquid-autoescape)
 
 This adds an `{% autoescape %}` block tag to Liquid that causes all variables
-referenced within it to be escaped for display in an HTML context.
+referenced within it to be escaped for display in an HTML context.  It also adds
+the ability to enable global auto-escaping of all variables by default, and
+provides a set of tools for not escaping variables that are known to be safe.
 
 ## Requirements
 
 * Ruby >= 2.2
-* Liquid 2 or 3
+* Liquid >= 2.3
 
 ## Basic Usage
 
@@ -43,7 +45,7 @@ escaped, use the `skip_escape` filter.
 ## Advanced Usage
 
 Autoescaping can be customized to work better with your environment via a
-Ruby-level configuration object.  To configure autoescaping, use the `config`
+Ruby-level configuration object.  To configure auto-escaping, use the `config`
 object exposed by `Liquid::Autoescape.configure` in any Ruby file loaded before
 templates are rendered.
 
@@ -55,7 +57,7 @@ Liquid::Autoescape.configure do |config|
 end
 ```
 
-The autoescape options that can be configured are detailed below.
+The auto-escape options that can be configured are detailed below.
 
 ### Trusted Filters
 
@@ -128,7 +130,7 @@ As mentioned above, each exemption function is passed an object that describes a
 Liquid variable as used in a template.  This object exposes the variable's name,
 as well as a list of any filters that it uses. These values can be used by each
 exemption function to determine whether a variable should be exempt from
-autoescaping, as shown by the code below:
+auto-escaping, as shown by the code below:
 
 ```ruby
 Liquid::Autoescape.configure do |config|
@@ -164,7 +166,7 @@ Escaped: {{ variable }}
 Not Escaped: {{ variable | skip_escape }}
 ```
 
-Additionally, autoescaping can be selectively disabled within a block when
+Additionally, auto-escaping can be selectively disabled within a block when
 running in global mode:
 
 ```liquid

data/lib/liquid/autoescape/configuration.rb

@@ -4,7 +4,7 @@ require "liquid/autoescape/exemption_list"
 module Liquid
   module Autoescape
 
-    # A configuration file for setting autoescape options
+    # A configuration file for setting auto-escape options
     class Configuration
 
       # @return [Liquid::Autoescape::ExemptionList] The list of custom exemptions

data/lib/liquid/autoescape/errors.rb

@@ -1,7 +1,7 @@
 module Liquid
   module Autoescape
 
-    # The base error from which all other autoescape errors inherit
+    # The base error from which all other auto-escape errors inherit
     class AutoescapeError < StandardError; end
 
     # An error raised when an exemption encounters an issue

data/lib/liquid/autoescape/exemption.rb

@@ -7,7 +7,7 @@ module Liquid
     #
     # Exemptions are created from functions that accept a template variable and
     # and return a boolean value indicating whether or not the variable is
-    # exempt from autoescaping.
+    # exempt from auto-escaping.
     #
     # @example An exemption based on a variable's name
     #   exemption = Exemption.new do |variable|
@@ -20,7 +20,7 @@ module Liquid
     #   end
     class Exemption
 
-      # Create a new autoescaping exemption
+      # Create a new auto-escaping exemption
       #
       # This requires a filter function to be provided that will be passed a
       # +TemplateVariable+ instance that it can use to return a boolean

data/lib/liquid/autoescape/filters.rb

@@ -3,10 +3,10 @@ require "liquid"
 module Liquid
   module Autoescape
 
-    # Liquid filters used to support the autoescape tag
+    # Liquid filters used to support the {% autoescape %} tag
     module Filters
 
-      # Flag an input as exempt from autoescaping
+      # Flag an input as exempt from auto-escaping
       #
       # This is a non-transformative filter that works by registering itself
       # in a variable's filter chain.  If a variable detects this in its

data/lib/liquid/autoescape/liquid_ext/variable.rb

@@ -10,11 +10,11 @@ module Liquid
 
     # Possibly render the variable with HTML escaping applied
     #
-    # If the autoescaping context variable has been set by the +autoescape+ tag
-    # or Liquid autoescaping is globally enabled, this will run the variable
-    # through the global exemption list to determine if it is exempt from
-    # autoescaping.  If it is not, its contents will be rendered as a string
-    # with all unsafe HTML characters escaped.  In all other cases, the
+    # If the auto-escaping context variable has been set by the {% autoescape %}
+    # tag or Liquid auto-escaping is globally enabled, this will run the
+    # variable through the global exemption list to determine if it is exempt
+    # from auto-escaping.  If it is not, its contents will be rendered as a
+    # string with all unsafe HTML characters escaped.  In all other cases, the
     # original, unescaped value of the variable will be rendered.
     #
     # @param [Liquid::Context] context The variable's rendering context

data/lib/liquid/autoescape/version.rb

@@ -1,5 +1,5 @@
 module Liquid
   module Autoescape
-    VERSION = "2.0.0".freeze
+    VERSION = "3.0.0".freeze
   end
 end

data/lib/liquid/autoescape.rb

@@ -5,14 +5,14 @@ require "liquid/autoescape/tags/autoescape"
 module Liquid
   module Autoescape
 
-    # The context variable that stores the autoescape state
+    # The context variable that stores the auto-escape state
     #
     # @private
     ENABLED_FLAG = "liquid_autoescape_enabled".freeze
 
-    # Configure Liquid autoescaping
+    # Configure Liquid auto-escaping
     #
-    # @yieldparam [Liquid::Autoescape::Configuration] config The autoescape configuration
+    # @yieldparam [Liquid::Autoescape::Configuration] config The auto-escape configuration
     def self.configure
       yield(configuration)
     end
@@ -22,7 +22,7 @@ module Liquid
       configuration.reset
     end
 
-    # The current autoescape configuration
+    # The current auto-escape configuration
     #
     # @return [Liquid::Autoescape::Configuration]
     def self.configuration

data/spec/functional/autoescape_tag_spec.rb

@@ -93,7 +93,15 @@ describe "{% autoescape %}" do
     )
   end
 
-  it "supports reading the autoescaping state from a variable" do
+  it "supports nested auto-escaping contexts" do
+    verify_template_output(
+      "{% autoescape true %}{{ variable }}{% autoescape false %}{{ variable }}{% autoescape true %}{{ variable }}{% endautoescape %}{% endautoescape %}{% endautoescape %}",
+      "&&&",
+      "variable" => "&"
+    )
+  end
+
+  it "supports reading the auto-escaping state from a variable" do
     verify_template_output(
       "{% autoescape escape %}{{ variable }}{% endautoescape %}",
       "&",
@@ -107,6 +115,20 @@ describe "{% autoescape %}" do
     expect { Liquid::Template.parse(invalid) }.to raise_error(Liquid::SyntaxError)
   end
 
+  it "does not escape captured variables" do
+    verify_template_output(
+      "{% autoescape %}{% capture variable %}&{% endcapture %}{% endautoescape %}{{ variable }}",
+      "&"
+    )
+  end
+
+  it "can prevent escaping of assigned variables" do
+    verify_template_output(
+      '{% autoescape %}{% autoescape false %}{% assign variable = "&" %}{% endautoescape %}{{ variable }}{% endautoescape %}{{ variable }}',
+      "&&"
+    )
+  end
+
   describe "configuration options" do
 
     after(:each) { Liquid::Autoescape.reconfigure }
@@ -143,7 +165,7 @@ describe "{% autoescape %}" do
         )
       end
 
-      it "supports opting out of autoescaping within a block" do
+      it "supports opting out of auto-escaping within a block" do
         verify_template_output(
           "{{ variable }}{% autoescape false %}{{ variable }}{{ variable }}{% endautoescape %}",
           "&&&",

data/spec/unit/autoescape_spec.rb

@@ -8,7 +8,7 @@ module Liquid
 
     describe ".configure" do
 
-      it "allows autoescape settings to be customized" do
+      it "allows auto-escape settings to be customized" do
         Autoescape.configure do |config|
           expect(config).to be_an_instance_of(Autoescape::Configuration)
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: liquid-autoescape
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Within3
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-21 00:00:00.000000000 Z
+date: 2019-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: liquid