liquid 4.0.2 → 4.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e3124f91e43cab43cf6782b093c0387d9189bd951b911ab1ade84024e5b84bf3
-  data.tar.gz: 40c04d46b3a1a51a775832cabf161fc870bde43b72d2857a8a8cf736e1909a43
+  metadata.gz: ae99512510282650089e97c58625dcab92cbdedb2cc50c69c088e078e0290b78
+  data.tar.gz: 69e457ce77a78d9fd682f8970938c35ed7c3dc4909bcebe40ef9049047c3f7c7
 SHA512:
-  metadata.gz: 71deb80c6d970684e424fb8e4ca0a817399dc0b6564a7308093158a94ace0e24cac5d8e08a8b015327937b8dd45be25532dd8d9e02de0c3677f08297a08638dd
-  data.tar.gz: 79490a2f0db69914e01c69fdcf135cc3541609cfca29017154d3c33325c57f682c3d90bbfa0bca1a7f3d82e4cbe4af5259a77cf42861c142921491e21949bddf
+  metadata.gz: daf900da795bd9bdce2109ca6afcb49ecc11bed0160545f7e937b7df249d75d76866e8e781e5b075965c5dfeafed36265872fc629086ae4954b94e513f6ed45e
+  data.tar.gz: 69208388a33189f42b04dd02fccaeeb93cbd6bfd741c55092db939cee1675e503bf63bcf3d08e3927514d0217fe1017f1bbb8630ee506446468e09f0e6c19c56

data/History.md

@@ -1,5 +1,15 @@
 # Liquid Change Log
 
+## 4.0.4 / (unreleased)
+
+### Fixed
+* Fix ruby 3.2 compatibility by avoiding use of the removed taint API
+
+## 4.0.3 / 2019-03-12
+
+### Fixed
+* Fix break and continue tags inside included templates in loops (#1072) [Justin Li]
+
 ## 4.0.2 / 2019-03-08
 
 ### Changed

data/lib/liquid/block_body.rb

@@ -89,6 +89,7 @@ module Liquid
           break
         else # Other non-Block tags
           render_node_to_output(node, output, context)
+          break if context.interrupt? # might have happened through an include
         end
         idx += 1
       end

data/lib/liquid/standardfilters.rb

@@ -39,7 +39,7 @@ module Liquid
     end
 
     def escape(input)
-      CGI.escapeHTML(input.to_s).untaint unless input.nil?
+      CGI.escapeHTML(input.to_s) unless input.nil?
     end
     alias_method :h, :escape
 

data/lib/liquid/template.rb

@@ -63,10 +63,7 @@ module Liquid
       # :strict will enforce correct syntax.
       attr_writer :error_mode
 
-      # Sets how strict the taint checker should be.
-      # :lax is the default, and ignores the taint flag completely
-      # :warn adds a warning, but does not interrupt the rendering
-      # :error raises an error when tainted output is used
+      # Deprecated. No longer used. Removed in version 5
       attr_writer :taint_mode
 
       attr_accessor :default_exception_renderer
@@ -94,6 +91,7 @@ module Liquid
         @error_mode ||= :lax
       end
 
+      # Deprecated. Removed in version 5
       def taint_mode
         @taint_mode ||= :lax
       end

data/lib/liquid/variable.rb

@@ -84,11 +84,7 @@ module Liquid
         context.invoke(filter_name, output, *filter_args)
       end
 
-      obj = context.apply_global_filter(obj)
-
-      taint_check(context, obj)
-
-      obj
+      context.apply_global_filter(obj)
     end
 
     private
@@ -120,25 +116,6 @@ module Liquid
       parsed_args
     end
 
-    def taint_check(context, obj)
-      return unless obj.tainted?
-      return if Template.taint_mode == :lax
-
-      @markup =~ QuotedFragment
-      name = Regexp.last_match(0)
-
-      error = TaintedError.new("variable '#{name}' is tainted and was not escaped")
-      error.line_number = line_number
-      error.template_name = context.template_name
-
-      case Template.taint_mode
-      when :warn
-        context.warnings << error
-      when :error
-        raise error
-      end
-    end
-
     class ParseTreeVisitor < Liquid::ParseTreeVisitor
       def children
         [@node.name] + @node.filters.flatten

data/lib/liquid/version.rb

@@ -1,5 +1,5 @@
 # encoding: utf-8
 
 module Liquid
-  VERSION = "4.0.2".freeze
+  VERSION = "4.0.4".freeze
 end

data/test/integration/drop_test.rb

@@ -48,7 +48,7 @@ class ProductDrop < Liquid::Drop
   end
 
   def user_input
-    "foo".taint
+    "foo"
   end
 
   protected
@@ -112,32 +112,6 @@ class DropsTest < Minitest::Test
     assert_equal '  ', tpl.render!('product' => ProductDrop.new)
   end
 
-  def test_rendering_raises_on_tainted_attr
-    with_taint_mode(:error) do
-      tpl = Liquid::Template.parse('{{ product.user_input }}')
-      assert_raises TaintedError do
-        tpl.render!('product' => ProductDrop.new)
-      end
-    end
-  end
-
-  def test_rendering_warns_on_tainted_attr
-    with_taint_mode(:warn) do
-      tpl = Liquid::Template.parse('{{ product.user_input }}')
-      context = Context.new('product' => ProductDrop.new)
-      tpl.render!(context)
-      assert_equal [Liquid::TaintedError], context.warnings.map(&:class)
-      assert_equal "variable 'product.user_input' is tainted and was not escaped", context.warnings.first.to_s(false)
-    end
-  end
-
-  def test_rendering_doesnt_raise_on_escaped_tainted_attr
-    with_taint_mode(:error) do
-      tpl = Liquid::Template.parse('{{ product.user_input | escape }}')
-      tpl.render!('product' => ProductDrop.new)
-    end
-  end
-
   def test_drop_does_only_respond_to_whitelisted_methods
     assert_equal "", Liquid::Template.parse("{{ product.inspect }}").render!('product' => ProductDrop.new)
     assert_equal "", Liquid::Template.parse("{{ product.pretty_inspect }}").render!('product' => ProductDrop.new)

data/test/integration/parse_tree_visitor_test.rb

@@ -238,7 +238,7 @@ class ParseTreeVisitorTest < Minitest::Test
   def traversal(template)
     ParseTreeVisitor
       .for(Template.parse(template).root)
-      .add_callback_for(VariableLookup, &:name)
+      .add_callback_for(VariableLookup) { |node| node.name } # rubocop:disable Style/SymbolProc
   end
 
   def visit(template)

data/test/integration/tags/include_tag_test.rb

@@ -30,6 +30,9 @@ class TestFileSystem
     when 'assignments'
       "{% assign foo = 'bar' %}"
 
+    when 'break'
+      "{% break %}"
+
     else
       template_path
     end
@@ -242,4 +245,9 @@ class IncludeTagTest < Minitest::Test
 
     assert_equal [], template.errors
   end
+
+  def test_break_through_include
+    assert_template_result "1", "{% for i in (1..3) %}{{ i }}{% break %}{{ i }}{% endfor %}"
+    assert_template_result "1", "{% for i in (1..3) %}{{ i }}{% include 'break' %}{{ i }}{% endfor %}"
+  end
 end # IncludeTagTest

data/test/test_helper.rb

@@ -69,14 +69,6 @@ module Minitest
       Liquid::Strainer.class_variable_set(:@@global_strainer, original_global_strainer)
     end
 
-    def with_taint_mode(mode)
-      old_mode = Liquid::Template.taint_mode
-      Liquid::Template.taint_mode = mode
-      yield
-    ensure
-      Liquid::Template.taint_mode = old_mode
-    end
-
     def with_error_mode(mode)
       old_mode = Liquid::Template.error_mode
       Liquid::Template.error_mode = mode

data/test/unit/context_unit_test.rb

@@ -447,6 +447,7 @@ class ContextUnitTest < Minitest::Test
   end
 
   def test_interrupt_avoids_object_allocations
+    @context.interrupt? # ruby 3.0.0 allocates on the first call
     assert_no_object_allocations do
       @context.interrupt?
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: liquid
 version: !ruby/object:Gem::Version
-  version: 4.0.2
+  version: 4.0.4
 platform: ruby
 authors:
 - Tobias Lütke
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-08 00:00:00.000000000 Z
+date: 2023-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -96,7 +96,6 @@ files:
 - lib/liquid/tags/unless.rb
 - lib/liquid/template.rb
 - lib/liquid/tokenizer.rb
-- lib/liquid/truffle.rb
 - lib/liquid/utils.rb
 - lib/liquid/variable.rb
 - lib/liquid/variable_lookup.rb
@@ -133,7 +132,6 @@ files:
 - test/integration/trim_mode_test.rb
 - test/integration/variable_test.rb
 - test/test_helper.rb
-- test/truffle/truffle_test.rb
 - test/unit/block_unit_test.rb
 - test/unit/condition_unit_test.rb
 - test/unit/context_unit_test.rb
@@ -153,7 +151,8 @@ files:
 homepage: http://www.liquidmarkup.org
 licenses:
 - MIT
-metadata: {}
+metadata:
+  allowed_push_host: https://rubygems.org
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -169,57 +168,56 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.7
 requirements: []
-rubygems_version: 3.0.2
+rubygems_version: 3.3.3
 signing_key: 
 specification_version: 4
 summary: A secure, non-evaling end user template engine with aesthetic markup.
 test_files:
-- test/unit/lexer_unit_test.rb
-- test/unit/block_unit_test.rb
-- test/unit/variable_unit_test.rb
-- test/unit/parser_unit_test.rb
-- test/unit/tags/if_tag_unit_test.rb
-- test/unit/tags/case_tag_unit_test.rb
-- test/unit/tags/for_tag_unit_test.rb
-- test/unit/context_unit_test.rb
-- test/unit/tokenizer_unit_test.rb
-- test/unit/tag_unit_test.rb
-- test/unit/i18n_unit_test.rb
-- test/unit/template_unit_test.rb
-- test/unit/condition_unit_test.rb
-- test/unit/file_system_unit_test.rb
-- test/unit/regexp_unit_test.rb
-- test/unit/strainer_unit_test.rb
-- test/integration/output_test.rb
-- test/integration/hash_ordering_test.rb
-- test/integration/variable_test.rb
-- test/integration/blank_test.rb
-- test/integration/parse_tree_visitor_test.rb
+- test/fixtures/en_locale.yml
 - test/integration/assign_test.rb
-- test/integration/trim_mode_test.rb
-- test/integration/context_test.rb
+- test/integration/blank_test.rb
+- test/integration/block_test.rb
 - test/integration/capture_test.rb
-- test/integration/tags/increment_tag_test.rb
+- test/integration/context_test.rb
+- test/integration/document_test.rb
+- test/integration/drop_test.rb
+- test/integration/error_handling_test.rb
+- test/integration/filter_test.rb
+- test/integration/hash_ordering_test.rb
+- test/integration/output_test.rb
+- test/integration/parse_tree_visitor_test.rb
+- test/integration/parsing_quirks_test.rb
+- test/integration/render_profiling_test.rb
+- test/integration/security_test.rb
+- test/integration/standard_filter_test.rb
+- test/integration/tags/break_tag_test.rb
+- test/integration/tags/continue_tag_test.rb
 - test/integration/tags/for_tag_test.rb
-- test/integration/tags/standard_tag_test.rb
-- test/integration/tags/table_row_test.rb
+- test/integration/tags/if_else_tag_test.rb
 - test/integration/tags/include_tag_test.rb
+- test/integration/tags/increment_tag_test.rb
 - test/integration/tags/raw_tag_test.rb
+- test/integration/tags/standard_tag_test.rb
 - test/integration/tags/statements_test.rb
-- test/integration/tags/if_else_tag_test.rb
+- test/integration/tags/table_row_test.rb
 - test/integration/tags/unless_else_tag_test.rb
-- test/integration/tags/continue_tag_test.rb
-- test/integration/tags/break_tag_test.rb
-- test/integration/block_test.rb
-- test/integration/standard_filter_test.rb
-- test/integration/drop_test.rb
-- test/integration/error_handling_test.rb
 - test/integration/template_test.rb
-- test/integration/document_test.rb
-- test/integration/security_test.rb
-- test/integration/render_profiling_test.rb
-- test/integration/parsing_quirks_test.rb
-- test/integration/filter_test.rb
-- test/truffle/truffle_test.rb
-- test/fixtures/en_locale.yml
+- test/integration/trim_mode_test.rb
+- test/integration/variable_test.rb
 - test/test_helper.rb
+- test/unit/block_unit_test.rb
+- test/unit/condition_unit_test.rb
+- test/unit/context_unit_test.rb
+- test/unit/file_system_unit_test.rb
+- test/unit/i18n_unit_test.rb
+- test/unit/lexer_unit_test.rb
+- test/unit/parser_unit_test.rb
+- test/unit/regexp_unit_test.rb
+- test/unit/strainer_unit_test.rb
+- test/unit/tag_unit_test.rb
+- test/unit/tags/case_tag_unit_test.rb
+- test/unit/tags/for_tag_unit_test.rb
+- test/unit/tags/if_tag_unit_test.rb
+- test/unit/template_unit_test.rb
+- test/unit/tokenizer_unit_test.rb
+- test/unit/variable_unit_test.rb

data/lib/liquid/truffle.rb

@@ -1,5 +0,0 @@
-module Liquid
-  module Truffle
-
-  end
-end

data/test/truffle/truffle_test.rb

@@ -1,9 +0,0 @@
-require 'test_helper'
-
-class TruffleTest < Minitest::Test
-  include Liquid
-
-  def test_truffle_works
-
-  end
-end