liquid 4.0.0 → 5.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 68c0e92a0c24e19463a4ef68801093b2be0211bb
-  data.tar.gz: d80ceddfb328477c4fd8ed52faa893088bfd86ef
+SHA256:
+  metadata.gz: 1b12ad70375f0ed9e3a2bab4a0a53ea565f3082af8d5bc06f4dea13a0a4ac574
+  data.tar.gz: 04c2f7494b1ab0f97a2a33ad9d39c9c573a33b42bd109df8d42bb5e26d245f01
 SHA512:
-  metadata.gz: 2232e4b2053dbcbad922fa89b53c79366aad0ad2f649a9d8e0dec5d6100c572c88bc8ec3a941df8063138cb02ffb9f68269dac3581d780c695b2c96e940cb366
-  data.tar.gz: 3695492ac392acc500f6ee10758dc5d15991289f0ca5fd16e0c770056cf0a4db928b2d7d29af1f7bb9c1eb4951c7e42854ab48409d373d6780ddd7ce2c27f357
+  metadata.gz: dc94bd83ae20e716eabf8ab2ce9f1fe9f8ff45dee6e0acac91f9095c32557c94d08e5a3c1b473c268c5a6a6d63a4d4ca10170406f062545545f63c1980a4d392
+  data.tar.gz: 0f19c1d79039fda7a6e485cf794cde252817dc43bd292351b7bc53d1adabd12919e18cc0870fcf3db3c0018e22ef91a1507ded76b27719fb30b79414e04d3d2f

data/History.md

@@ -1,6 +1,236 @@
 # Liquid Change Log
 
-## 4.0.0 / not yet released / branch "master"
+## 5.10.0
+* Introduce support for Inline Snippets [Julia Boutin]
+  ```
+  {%- snippet snowdevil -%}
+    Snowdevil
+  {%- endsnippet -%}
+  {% render snowdevil %}
+  ```
+
+## 5.9.0
+* Introduce `:rigid` error mode for stricter, safer parsing of all tags [CP Clermont, Guilherme Carreiro]
+
+## 5.8.7
+* Expose body content in the `Doc` tag [James Meng]
+
+## 5.8.1
+
+* Fix `{% doc %}` tag to be visitable [Guilherme Carreiro]
+
+## 5.8.0
+
+* Introduce the new `{% doc %}` tag [Guilherme Carreiro]
+
+## 5.7.3
+
+* Raise Liquid::SyntaxError when parsing invalidly encoded strings [Chris AtLee]
+
+## 5.7.2 2025-01-31
+
+* Fix array filters to not support nested properties [Guilherme Carreiro]
+
+## 5.7.1 2025-01-24
+
+* Fix the `find` and `find_index`filters to return `nil` when filtering empty arrays [Guilherme Carreiro]
+* Fix the `has` filter to return `false` when filtering empty arrays [Guilherme Carreiro]
+
+## 5.7.0 2025-01-16
+
+### Features
+
+* Add `find`, `find_index`, `has`, and `reject` filters to arrays [Guilherme Carreiro]
+* Compatibility with Ruby 3.4 [Ian Ker-Seymer]
+
+## 5.6.4 2025-01-14
+
+### Fixes
+* Add a default `string_scanner` to avoid errors with `Liquid::VariableLookup.parse("foo.bar")` [Ian Ker-Seymer]
+
+## 5.6.3 2025-01-13
+* Remove `lru_redux` dependency [Michael Go]
+
+## 5.6.2 2025-01-13
+
+### Fixes
+* Preserve the old behavior of requiring floats to start with a digit [Michael Go]
+
+## 5.6.1 2025-01-13
+
+### Performance improvements
+* Faster Expression parser / Tokenizer with StringScanner [Michael Go]
+
+## 5.6.0 2024-12-19
+
+### Architectural changes
+* Added new `Environment` class to manage configuration and state that was previously stored in `Template` [Ian Ker-Seymer]
+* Moved tag registration from `Template` to `Environment` [Ian Ker-Seymer]
+* Removed `StrainerFactory` in favor of `Environment`-based strainer creation [Ian Ker-Seymer]
+* Consolidated standard tags into a new `Tags` module with `STANDARD_TAGS` constant [Ian Ker-Seymer]
+
+### Performance improvements
+* Optimized `Lexer` with a new `Lexer2` implementation using jump tables for faster tokenization, requires Ruby 3.4 [Ian Ker-Seymer]
+* Improved variable rendering with specialized handling for different types [Michael Go]
+* Reduced array allocations by using frozen empty constants [Michael Go]
+
+### API changes
+* Deprecated several `Template` class methods in favor of `Environment` methods [Ian Ker-Seymer]
+* Added deprecation warnings system [Ian Ker-Seymer]
+* Changed how filters and tags are registered to use Environment [Ian Ker-Seymer]
+
+### Fixes
+* Fixed table row handling of break interrupts [Alex Coco]
+* Improved variable output handling for arrays [Ian Ker-Seymer]
+* Fix Tokenizer to handle null source value (#1873) [Bahar Pourazar]
+
+## 5.5.0 2024-03-21
+
+Please reference the GitHub release for more information.
+
+## 5.4.0 2022-07-29
+
+### Breaking Changes
+* Drop support for end-of-life Ruby versions (2.5 and 2.6) (#1578) [Andy Waite]
+
+### Features
+* Allow `#` to be used as an inline comment tag (#1498) [CP Clermont]
+
+### Fixes
+* `PartialCache` now shares snippet cache with subcontexts by default (#1553) [Chris AtLee]
+* Hash registers no longer leak into subcontexts as static registers (#1564) [Chris AtLee]
+* Fix `ParseTreeVisitor` for `with` variable expressions in `Render` tag (#1596) [CP Clermont]
+
+### Changed
+* Liquid::Context#registers now always returns a Liquid::Registers object, though supports the most used Hash functions for compatibility (#1553)
+
+## 5.3.0 2022-03-22
+
+### Fixes
+* StandardFilter: Fix missing @context on iterations (#1525) [Thierry Joyal]
+* Fix warning about block and default value in `static_registers.rb` (#1531) [Peter Zhu]
+
+### Deprecation
+* Condition#evaluate to require mandatory context argument in Liquid 6.0.0 (#1527) [Thierry Joyal]
+
+## 5.2.0 2022-03-01
+
+### Features
+* Add `remove_last`, and `replace_last` filters (#1422) [Anders Hagbard]
+* Eagerly cache global filters (#1524) [Jean Boussier]
+
+### Fixes
+* Fix some internal errors in filters from invalid input (#1476) [Dylan Thacker-Smith]
+* Allow dash in filter kwarg name for consistency with Liquid::C (#1518) [CP Clermont]
+
+## 5.1.0 / 2021-09-09
+
+### Features
+* Add `base64_encode`, `base64_decode`, `base64_url_safe_encode`, and `base64_url_safe_decode` filters (#1450) [Daniel Insley]
+* Introduce `to_liquid_value` in `Liquid::Drop` (#1441) [Michael Go]
+
+### Fixes
+* Fix support for using a String subclass for the liquid source (#1421) [Dylan Thacker-Smith]
+* Add `ParseTreeVisitor` to `RangeLookup` (#1470) [CP Clermont]
+* Translate `RangeError` to `Liquid::Error` for `truncatewords` with large int (#1431) [Dylan Thacker-Smith]
+
+## 5.0.1 / 2021-03-24
+
+### Fixes
+* Add ParseTreeVisitor to Echo tag (#1414) [CP Clermont]
+* Test with ruby 3.0 as the latest ruby version (#1398) [Dylan Thacker-Smith]
+* Handle carriage return in newlines_to_br (#1391) [Unending]
+
+### Performance Improvements
+* Use split limit in truncatewords (#1361) [Dylan Thacker-Smith]
+
+## 5.0.0 / 2021-01-06
+
+### Features
+* Add new `{% render %}` tag (#1122) [Samuel Doiron]
+* Add support for `as` in `{% render %}` and `{% include %}` (#1181) [Mike Angell]
+* Add `{% liquid %}` and `{% echo %}` tags (#1086) [Justin Li]
+* Add [usage tracking](README.md#usage-tracking) [Mike Angell]
+* Add `Tag.disable_tags` for disabling tags that prepend `Tag::Disableable` at render time (#1162, #1274, #1275) [Mike Angell]
+* Support using a profiler for multiple renders (#1365, #1366) [Dylan Thacker-Smith]
+
+### Fixes
+* Fix catastrophic backtracking in `RANGES_REGEX` regular expression (#1357) [Dylan Thacker-Smith]
+* Make sure the for tag's limit and offset are integers (#1094) [David Cornu]
+* Invokable methods for enumerable reject include (#1151) [Thierry Joyal]
+* Allow `default` filter to handle `false` as value (#1144) [Mike Angell]
+* Fix render length resource limit so it doesn't multiply nested output (#1285) [Dylan Thacker-Smith]
+* Fix duplication of text in raw tags (#1304) [Peter Zhu]
+* Fix strict parsing of find variable with a name expression (#1317) [Dylan Thacker-Smith]
+* Use monotonic time to measure durations in Liquid::Profiler (#1362) [Dylan Thacker-Smith]
+
+### Breaking Changes
+* Require Ruby >= 2.5 (#1131, #1310) [Mike Angell, Dylan Thacker-Smith]
+* Remove support for taint checking (#1268) [Dylan Thacker-Smith]
+* Split Strainer class into StrainerFactory and StrainerTemplate (#1208) [Thierry Joyal]
+* Remove handling of a nil context in the Strainer class (#1218) [Thierry Joyal]
+* Handle `BlockBody#blank?` at parse time (#1287) [Dylan Thacker-Smith]
+* Pass the tag markup and tokenizer to `Document#unknown_tag` (#1290) [Dylan Thacker-Smith]
+* And several internal changes
+
+### Performance Improvements
+* Reduce allocations (#1073, #1091, #1115, #1099, #1117, #1141, #1322, #1341) [Richard Monette, Florian Weingarten, Ashwin Maroli]
+* Improve resources limits performance (#1093, #1323) [Florian Weingarten, Dylan Thacker-Smith]
+
+## 4.0.3 / 2019-03-12
+
+### Fixed
+* Fix break and continue tags inside included templates in loops (#1072) [Justin Li]
+
+## 4.0.2 / 2019-03-08
+
+### Changed
+* Add `where` filter (#1026) [Samuel Doiron]
+* Add `ParseTreeVisitor` to iterate the Liquid AST (#1025) [Stephen Paul Weber]
+* Improve `strip_html` performance (#1032) [printercu]
+
+### Fixed
+* Add error checking for invalid combinations of inputs to sort, sort_natural, where, uniq, map, compact filters (#1059) [Garland Zhang]
+* Validate the character encoding in url_decode (#1070) [Clayton Smith]
+
+## 4.0.1 / 2018-10-09
+
+### Changed
+* Add benchmark group in Gemfile (#855) [Jerry Liu]
+* Allow benchmarks to benchmark render by itself (#851) [Jerry Liu]
+* Avoid calling `line_number` on String node when rescuing a render error. (#860) [Dylan Thacker-Smith]
+* Avoid duck typing to detect whether to call render on a node. [Dylan Thacker-Smith]
+* Clarify spelling of `reversed` on `for` block tag (#843) [Mark Crossfield]
+* Replace recursion with loop to avoid potential stack overflow from malicious input (#891, #892) [Dylan Thacker-Smith]
+* Limit block tag nesting to 100 (#894) [Dylan Thacker-Smith]
+* Replace `assert_equal nil` with `assert_nil` (#895) [Dylan Thacker-Smith]
+* Remove Spy Gem (#896) [Dylan Thacker-Smith]
+* Add `collection_name` and `variable_name` reader to `For` block (#909)
+* Symbols render as strings (#920) [Justin Li]
+* Remove default value from Hash objects (#932) [Maxime Bedard]
+* Remove one level of nesting (#944) [Dylan Thacker-Smith]
+* Update Rubocop version (#952) [Justin Li]
+* Add `at_least` and `at_most` filters (#954, #958) [Nithin Bekal]
+* Add a regression test for a liquid-c trim mode bug (#972) [Dylan Thacker-Smith]
+* Use https rather than git protocol to fetch liquid-c [Dylan Thacker-Smith]
+* Add tests against Ruby 2.4 (#963) and 2.5 (#981)
+* Replace RegExp literals with constants (#988) [Ashwin Maroli]
+* Replace unnecessary `#each_with_index` with `#each` (#992) [Ashwin Maroli]
+* Improve the unexpected end delimiter message for block tags. (#1003) [Dylan Thacker-Smith]
+* Refactor and optimize rendering (#1005) [Christopher Aue]
+* Add installation instruction (#1006) [Ben Gift]
+* Remove Circle CI (#1010)
+* Rename deprecated `BigDecimal.new` to `BigDecimal` (#1024) [Koichi ITO]
+* Rename deprecated Rubocop name (#1027) [Justin Li]
+
+### Fixed
+* Handle `join` filter on non String joiners (#857) [Richard Monette]
+* Fix duplicate inclusion condition logic error of `Liquid::Strainer.add_filter` method (#861)
+* Fix `escape`, `url_encode`, `url_decode` not handling non-string values (#898) [Thierry Joyal]
+* Fix raise when variable is defined but nil when using `strict_variables` [Pascal Betz]
+* Fix `sort` and `sort_natural` to handle arrays with nils (#930) [Eric Chan]
+
+## 4.0.0 / 2016-12-14 / branch "4-0-stable"
 
 ### Changed
 * Render an opaque internal error by default for non-Liquid::Error (#835) [Dylan Thacker-Smith]
@@ -20,10 +250,13 @@
 * Add concat filter to concatenate arrays (#429) [Diogo Beato]
 * Ruby 1.9 support dropped (#491) [Justin Li]
 * Liquid::Template.file_system's read_template_file method is no longer passed the context. (#441) [James Reid-Smith]
-* Remove support for `liquid_methods`
+* Remove `liquid_methods` (See https://github.com/Shopify/liquid/pull/568 for replacement)
 * Liquid::Template.register_filter raises when the module overrides registered public methods as private or protected (#705) [Gaurav Chande]
 
 ### Fixed
+
+* Fix variable names being detected as an operator when starting with contains (#788) [Michael Angell]
+* Fix include tag used with strict_variables (#828) [QuickPay]
 * Fix map filter when value is a Proc (#672) [Guillaume Malette]
 * Fix truncate filter when value is not a string (#672) [Guillaume Malette]
 * Fix behaviour of escape filter when input is nil (#665) [Tanel Jakobsoo]

data/README.md

@@ -1,11 +1,11 @@
-[![Build Status](https://api.travis-ci.org/Shopify/liquid.svg?branch=master)](http://travis-ci.org/Shopify/liquid)
+[![Build status](https://github.com/Shopify/liquid/actions/workflows/liquid.yml/badge.svg)](https://github.com/Shopify/liquid/actions/workflows/liquid.yml)
 [![Inline docs](http://inch-ci.org/github/Shopify/liquid.svg?branch=master)](http://inch-ci.org/github/Shopify/liquid)
 
 # Liquid template engine
 
 * [Contributing guidelines](CONTRIBUTING.md)
 * [Version history](History.md)
-* [Liquid documentation from Shopify](http://docs.shopify.com/themes/liquid-basics)
+* [Liquid documentation from Shopify](https://shopify.dev/docs/api/liquid)
 * [Liquid Wiki at GitHub](https://github.com/Shopify/liquid/wiki)
 * [Website](http://liquidmarkup.org/)
 
@@ -42,6 +42,8 @@ Liquid is a template engine which was written with very specific requirements:
 
 ## How to use Liquid
 
+Install Liquid by adding `gem 'liquid'` to your gemfile.
+
 Liquid supports a very simple API based around the Liquid::Template class.
 For standard use you can just pass it the content of a file and call render with a parameters hash.
 
@@ -50,24 +52,66 @@ For standard use you can just pass it the content of a file and call render with
 @template.render('name' => 'tobi')                # => "hi tobi"
 ```
 
+### Concept of Environments
+
+In Liquid, a "Environment" is a scoped environment that encapsulates custom tags, filters, and other configurations. This allows you to define and isolate different sets of functionality for different contexts, avoiding global overrides that can lead to conflicts and unexpected behavior.
+
+By using environments, you can:
+
+1. **Encapsulate Logic**: Keep the logic for different parts of your application separate.
+2. **Avoid Conflicts**: Prevent custom tags and filters from clashing with each other.
+3. **Improve Maintainability**: Make it easier to manage and understand the scope of customizations.
+4. **Enhance Security**: Limit the availability of certain tags and filters to specific contexts.
+
+We encourage the use of Environments over globally overriding things because it promotes better software design principles such as modularity, encapsulation, and separation of concerns.
+
+Here's an example of how you can define and use Environments in Liquid:
+
+```ruby
+user_environment = Liquid::Environment.build do |environment|
+  environment.register_tag("renderobj", RenderObjTag)
+end
+
+Liquid::Template.parse(<<~LIQUID, environment: user_environment)
+  {% renderobj src: "path/to/model.obj" %}
+LIQUID
+```
+
+In this example, `RenderObjTag` is a custom tag that is only available within the `user_environment`.
+
+Similarly, you can define another environment for a different context, such as email templates:
+
+```ruby
+email_environment = Liquid::Environment.build do |environment|
+  environment.register_tag("unsubscribe_footer", UnsubscribeFooter)
+end
+
+Liquid::Template.parse(<<~LIQUID, environment: email_environment)
+  {% unsubscribe_footer %}
+LIQUID
+```
+
+By using Environments, you ensure that custom tags and filters are only available in the contexts where they are needed, making your Liquid templates more robust and easier to manage. For smaller projects, a global environment is available via `Liquid::Environment.default`.
+
 ### Error Modes
 
 Setting the error mode of Liquid lets you specify how strictly you want your templates to be interpreted.
 Normally the parser is very lax and will accept almost anything without error. Unfortunately this can make
-it very hard to debug and can lead to unexpected behaviour. 
+it very hard to debug and can lead to unexpected behaviour.
 
-Liquid also comes with a stricter parser that can be used when editing templates to give better error messages
+Liquid also comes with different parsers that can be used when editing templates to give better error messages
 when templates are invalid. You can enable this new parser like this:
 
 ```ruby
-Liquid::Template.error_mode = :strict # Raises a SyntaxError when invalid syntax is used
-Liquid::Template.error_mode = :warn # Adds errors to template.errors but continues as normal
-Liquid::Template.error_mode = :lax # The default mode, accepts almost anything.
+Liquid::Environment.default.error_mode = :rigid  # Raises a SyntaxError when invalid syntax is used in all tags
+Liquid::Environment.default.error_mode = :strict # Raises a SyntaxError when invalid syntax is used in some tags
+Liquid::Environment.default.error_mode = :warn   # Adds strict errors to template.errors but continues as normal
+Liquid::Environment.default.error_mode = :lax    # The default mode, accepts almost anything.
 ```
 
 If you want to set the error mode only on specific templates you can pass `:error_mode` as an option to `parse`:
 ```ruby
-Liquid::Template.parse(source, :error_mode => :strict)
+Liquid::Template.parse(source, error_mode: :strict)
 ```
 This is useful for doing things like enabling strict mode only in the theme editor.
 
@@ -104,3 +148,9 @@ template = Liquid::Template.parse("{{x}} {{y}}")
 template.render!({ 'x' => 1}, { strict_variables: true })
 #=> Liquid::UndefinedVariable: Liquid error: undefined variable y
 ```
+
+### Usage tracking
+
+To help track usages of a feature or code path in production, we have released opt-in usage tracking. To enable this, we provide an empty `Liquid:: Usage.increment` method which you can customize to your needs. The feature is well suited to https://github.com/Shopify/statsd-instrument. However, the choice of implementation is up to you.
+
+Once you have enabled usage tracking, we recommend reporting any events through Github Issues that your system may be logging. It is highly likely this event has been added to consider deprecating or improving code specific to this event, so please raise any concerns.

data/lib/liquid/block.rb

@@ -1,16 +1,22 @@
+# frozen_string_literal: true
+
 module Liquid
   class Block < Tag
+    MAX_DEPTH = 100
+
     def initialize(tag_name, markup, options)
       super
       @blank = true
     end
 
     def parse(tokens)
-      @body = BlockBody.new
+      @body = new_body
       while parse_body(@body, tokens)
       end
+      @body.freeze
     end
 
+    # For backwards compatibility
     def render(context)
       @body.render(context)
     end
@@ -23,20 +29,33 @@ module Liquid
       @body.nodelist
     end
 
-    def unknown_tag(tag, _params, _tokens)
-      case tag
-      when 'else'.freeze
-        raise SyntaxError.new(parse_context.locale.t("errors.syntax.unexpected_else".freeze,
-          block_name: block_name))
-      when 'end'.freeze
-        raise SyntaxError.new(parse_context.locale.t("errors.syntax.invalid_delimiter".freeze,
+    def unknown_tag(tag_name, _markup, _tokenizer)
+      Block.raise_unknown_tag(tag_name, block_name, block_delimiter, parse_context)
+    end
+
+    # @api private
+    def self.raise_unknown_tag(tag, block_name, block_delimiter, parse_context)
+      if tag == 'else'
+        raise SyntaxError, parse_context.locale.t(
+          "errors.syntax.unexpected_else",
+          block_name: block_name,
+        )
+      elsif tag.start_with?('end')
+        raise SyntaxError, parse_context.locale.t(
+          "errors.syntax.invalid_delimiter",
+          tag: tag,
           block_name: block_name,
-          block_delimiter: block_delimiter))
+          block_delimiter: block_delimiter,
+        )
       else
-        raise SyntaxError.new(parse_context.locale.t("errors.syntax.unknown_tag".freeze, tag: tag))
+        raise SyntaxError, parse_context.locale.t("errors.syntax.unknown_tag", tag: tag)
       end
     end
 
+    def raise_tag_never_closed(block_name)
+      raise SyntaxError, parse_context.locale.t("errors.syntax.tag_never_closed", block_name: block_name)
+    end
+
     def block_name
       @tag_name
     end
@@ -45,20 +64,32 @@ module Liquid
       @block_delimiter ||= "end#{block_name}"
     end
 
-    protected
+    private
+
+    # @api public
+    def new_body
+      parse_context.new_block_body
+    end
 
+    # @api public
     def parse_body(body, tokens)
-      body.parse(tokens, parse_context) do |end_tag_name, end_tag_params|
-        @blank &&= body.blank?
+      if parse_context.depth >= MAX_DEPTH
+        raise StackLevelError, "Nesting too deep"
+      end
+      parse_context.depth += 1
+      begin
+        body.parse(tokens, parse_context) do |end_tag_name, end_tag_params|
+          @blank &&= body.blank?
 
-        return false if end_tag_name == block_delimiter
-        unless end_tag_name
-          raise SyntaxError.new(parse_context.locale.t("errors.syntax.tag_never_closed".freeze, block_name: block_name))
-        end
+          return false if end_tag_name == block_delimiter
+          raise_tag_never_closed(block_name) unless end_tag_name
 
-        # this tag is not registered with the system
-        # pass it to the current block for special handling or error reporting
-        unknown_tag(end_tag_name, end_tag_params, tokens)
+          # this tag is not registered with the system
+          # pass it to the current block for special handling or error reporting
+          unknown_tag(end_tag_name, end_tag_params, tokens)
+        end
+      ensure
+        parse_context.depth -= 1
       end
 
       true