liquid 4.0.3 → 4.0.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e41c3a6ffee8037dec34a186cf023e2ccb09ac4f94d0c9a812ea02fd50559bf7
4
- data.tar.gz: ff088908363f5a54e5833c64d32b441fb679503340b5f7511de99eb257fd4289
3
+ metadata.gz: ae99512510282650089e97c58625dcab92cbdedb2cc50c69c088e078e0290b78
4
+ data.tar.gz: 69e457ce77a78d9fd682f8970938c35ed7c3dc4909bcebe40ef9049047c3f7c7
5
5
  SHA512:
6
- metadata.gz: 6b726a02e92f8d9fac005e07034aeee32dd2eae3a2b342fb4e9e648dc79da4c086de92e1e1a24bf52054a4a2b0a74af17f89fdd6c3cbbb2982e4b5b5971a23c2
7
- data.tar.gz: e875f98a0b30f914ec1703781bfb443e737ea11675829c3e98fca96524dfe30a72fb9adf59c7855f85eda8014c2e6a9850d911b22cb96a63d2eac52e91273a42
6
+ metadata.gz: daf900da795bd9bdce2109ca6afcb49ecc11bed0160545f7e937b7df249d75d76866e8e781e5b075965c5dfeafed36265872fc629086ae4954b94e513f6ed45e
7
+ data.tar.gz: 69208388a33189f42b04dd02fccaeeb93cbd6bfd741c55092db939cee1675e503bf63bcf3d08e3927514d0217fe1017f1bbb8630ee506446468e09f0e6c19c56
data/History.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # Liquid Change Log
2
2
 
3
+ ## 4.0.4 / (unreleased)
4
+
5
+ ### Fixed
6
+ * Fix ruby 3.2 compatibility by avoiding use of the removed taint API
7
+
3
8
  ## 4.0.3 / 2019-03-12
4
9
 
5
10
  ### Fixed
@@ -39,7 +39,7 @@ module Liquid
39
39
  end
40
40
 
41
41
  def escape(input)
42
- CGI.escapeHTML(input.to_s).untaint unless input.nil?
42
+ CGI.escapeHTML(input.to_s) unless input.nil?
43
43
  end
44
44
  alias_method :h, :escape
45
45
 
@@ -63,10 +63,7 @@ module Liquid
63
63
  # :strict will enforce correct syntax.
64
64
  attr_writer :error_mode
65
65
 
66
- # Sets how strict the taint checker should be.
67
- # :lax is the default, and ignores the taint flag completely
68
- # :warn adds a warning, but does not interrupt the rendering
69
- # :error raises an error when tainted output is used
66
+ # Deprecated. No longer used. Removed in version 5
70
67
  attr_writer :taint_mode
71
68
 
72
69
  attr_accessor :default_exception_renderer
@@ -94,6 +91,7 @@ module Liquid
94
91
  @error_mode ||= :lax
95
92
  end
96
93
 
94
+ # Deprecated. Removed in version 5
97
95
  def taint_mode
98
96
  @taint_mode ||= :lax
99
97
  end
@@ -84,11 +84,7 @@ module Liquid
84
84
  context.invoke(filter_name, output, *filter_args)
85
85
  end
86
86
 
87
- obj = context.apply_global_filter(obj)
88
-
89
- taint_check(context, obj)
90
-
91
- obj
87
+ context.apply_global_filter(obj)
92
88
  end
93
89
 
94
90
  private
@@ -120,25 +116,6 @@ module Liquid
120
116
  parsed_args
121
117
  end
122
118
 
123
- def taint_check(context, obj)
124
- return unless obj.tainted?
125
- return if Template.taint_mode == :lax
126
-
127
- @markup =~ QuotedFragment
128
- name = Regexp.last_match(0)
129
-
130
- error = TaintedError.new("variable '#{name}' is tainted and was not escaped")
131
- error.line_number = line_number
132
- error.template_name = context.template_name
133
-
134
- case Template.taint_mode
135
- when :warn
136
- context.warnings << error
137
- when :error
138
- raise error
139
- end
140
- end
141
-
142
119
  class ParseTreeVisitor < Liquid::ParseTreeVisitor
143
120
  def children
144
121
  [@node.name] + @node.filters.flatten
@@ -1,5 +1,5 @@
1
1
  # encoding: utf-8
2
2
 
3
3
  module Liquid
4
- VERSION = "4.0.3".freeze
4
+ VERSION = "4.0.4".freeze
5
5
  end
@@ -48,7 +48,7 @@ class ProductDrop < Liquid::Drop
48
48
  end
49
49
 
50
50
  def user_input
51
- "foo".taint
51
+ "foo"
52
52
  end
53
53
 
54
54
  protected
@@ -112,32 +112,6 @@ class DropsTest < Minitest::Test
112
112
  assert_equal ' ', tpl.render!('product' => ProductDrop.new)
113
113
  end
114
114
 
115
- def test_rendering_raises_on_tainted_attr
116
- with_taint_mode(:error) do
117
- tpl = Liquid::Template.parse('{{ product.user_input }}')
118
- assert_raises TaintedError do
119
- tpl.render!('product' => ProductDrop.new)
120
- end
121
- end
122
- end
123
-
124
- def test_rendering_warns_on_tainted_attr
125
- with_taint_mode(:warn) do
126
- tpl = Liquid::Template.parse('{{ product.user_input }}')
127
- context = Context.new('product' => ProductDrop.new)
128
- tpl.render!(context)
129
- assert_equal [Liquid::TaintedError], context.warnings.map(&:class)
130
- assert_equal "variable 'product.user_input' is tainted and was not escaped", context.warnings.first.to_s(false)
131
- end
132
- end
133
-
134
- def test_rendering_doesnt_raise_on_escaped_tainted_attr
135
- with_taint_mode(:error) do
136
- tpl = Liquid::Template.parse('{{ product.user_input | escape }}')
137
- tpl.render!('product' => ProductDrop.new)
138
- end
139
- end
140
-
141
115
  def test_drop_does_only_respond_to_whitelisted_methods
142
116
  assert_equal "", Liquid::Template.parse("{{ product.inspect }}").render!('product' => ProductDrop.new)
143
117
  assert_equal "", Liquid::Template.parse("{{ product.pretty_inspect }}").render!('product' => ProductDrop.new)
@@ -238,7 +238,7 @@ class ParseTreeVisitorTest < Minitest::Test
238
238
  def traversal(template)
239
239
  ParseTreeVisitor
240
240
  .for(Template.parse(template).root)
241
- .add_callback_for(VariableLookup, &:name)
241
+ .add_callback_for(VariableLookup) { |node| node.name } # rubocop:disable Style/SymbolProc
242
242
  end
243
243
 
244
244
  def visit(template)
data/test/test_helper.rb CHANGED
@@ -69,14 +69,6 @@ module Minitest
69
69
  Liquid::Strainer.class_variable_set(:@@global_strainer, original_global_strainer)
70
70
  end
71
71
 
72
- def with_taint_mode(mode)
73
- old_mode = Liquid::Template.taint_mode
74
- Liquid::Template.taint_mode = mode
75
- yield
76
- ensure
77
- Liquid::Template.taint_mode = old_mode
78
- end
79
-
80
72
  def with_error_mode(mode)
81
73
  old_mode = Liquid::Template.error_mode
82
74
  Liquid::Template.error_mode = mode
@@ -447,6 +447,7 @@ class ContextUnitTest < Minitest::Test
447
447
  end
448
448
 
449
449
  def test_interrupt_avoids_object_allocations
450
+ @context.interrupt? # ruby 3.0.0 allocates on the first call
450
451
  assert_no_object_allocations do
451
452
  @context.interrupt?
452
453
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: liquid
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.3
4
+ version: 4.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tobias Lütke
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-12 00:00:00.000000000 Z
11
+ date: 2023-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '11.3'
19
+ version: '13.0'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '11.3'
26
+ version: '13.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: minitest
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -96,7 +96,6 @@ files:
96
96
  - lib/liquid/tags/unless.rb
97
97
  - lib/liquid/template.rb
98
98
  - lib/liquid/tokenizer.rb
99
- - lib/liquid/truffle.rb
100
99
  - lib/liquid/utils.rb
101
100
  - lib/liquid/variable.rb
102
101
  - lib/liquid/variable_lookup.rb
@@ -133,7 +132,6 @@ files:
133
132
  - test/integration/trim_mode_test.rb
134
133
  - test/integration/variable_test.rb
135
134
  - test/test_helper.rb
136
- - test/truffle/truffle_test.rb
137
135
  - test/unit/block_unit_test.rb
138
136
  - test/unit/condition_unit_test.rb
139
137
  - test/unit/context_unit_test.rb
@@ -153,7 +151,8 @@ files:
153
151
  homepage: http://www.liquidmarkup.org
154
152
  licenses:
155
153
  - MIT
156
- metadata: {}
154
+ metadata:
155
+ allowed_push_host: https://rubygems.org
157
156
  post_install_message:
158
157
  rdoc_options: []
159
158
  require_paths:
@@ -169,57 +168,56 @@ required_rubygems_version: !ruby/object:Gem::Requirement
169
168
  - !ruby/object:Gem::Version
170
169
  version: 1.3.7
171
170
  requirements: []
172
- rubygems_version: 3.0.2
171
+ rubygems_version: 3.3.3
173
172
  signing_key:
174
173
  specification_version: 4
175
174
  summary: A secure, non-evaling end user template engine with aesthetic markup.
176
175
  test_files:
177
- - test/unit/lexer_unit_test.rb
178
- - test/unit/block_unit_test.rb
179
- - test/unit/variable_unit_test.rb
180
- - test/unit/parser_unit_test.rb
181
- - test/unit/tags/if_tag_unit_test.rb
182
- - test/unit/tags/case_tag_unit_test.rb
183
- - test/unit/tags/for_tag_unit_test.rb
184
- - test/unit/context_unit_test.rb
185
- - test/unit/tokenizer_unit_test.rb
186
- - test/unit/tag_unit_test.rb
187
- - test/unit/i18n_unit_test.rb
188
- - test/unit/template_unit_test.rb
189
- - test/unit/condition_unit_test.rb
190
- - test/unit/file_system_unit_test.rb
191
- - test/unit/regexp_unit_test.rb
192
- - test/unit/strainer_unit_test.rb
193
- - test/integration/output_test.rb
194
- - test/integration/hash_ordering_test.rb
195
- - test/integration/variable_test.rb
196
- - test/integration/blank_test.rb
197
- - test/integration/parse_tree_visitor_test.rb
176
+ - test/fixtures/en_locale.yml
198
177
  - test/integration/assign_test.rb
199
- - test/integration/trim_mode_test.rb
200
- - test/integration/context_test.rb
178
+ - test/integration/blank_test.rb
179
+ - test/integration/block_test.rb
201
180
  - test/integration/capture_test.rb
202
- - test/integration/tags/increment_tag_test.rb
181
+ - test/integration/context_test.rb
182
+ - test/integration/document_test.rb
183
+ - test/integration/drop_test.rb
184
+ - test/integration/error_handling_test.rb
185
+ - test/integration/filter_test.rb
186
+ - test/integration/hash_ordering_test.rb
187
+ - test/integration/output_test.rb
188
+ - test/integration/parse_tree_visitor_test.rb
189
+ - test/integration/parsing_quirks_test.rb
190
+ - test/integration/render_profiling_test.rb
191
+ - test/integration/security_test.rb
192
+ - test/integration/standard_filter_test.rb
193
+ - test/integration/tags/break_tag_test.rb
194
+ - test/integration/tags/continue_tag_test.rb
203
195
  - test/integration/tags/for_tag_test.rb
204
- - test/integration/tags/standard_tag_test.rb
205
- - test/integration/tags/table_row_test.rb
196
+ - test/integration/tags/if_else_tag_test.rb
206
197
  - test/integration/tags/include_tag_test.rb
198
+ - test/integration/tags/increment_tag_test.rb
207
199
  - test/integration/tags/raw_tag_test.rb
200
+ - test/integration/tags/standard_tag_test.rb
208
201
  - test/integration/tags/statements_test.rb
209
- - test/integration/tags/if_else_tag_test.rb
202
+ - test/integration/tags/table_row_test.rb
210
203
  - test/integration/tags/unless_else_tag_test.rb
211
- - test/integration/tags/continue_tag_test.rb
212
- - test/integration/tags/break_tag_test.rb
213
- - test/integration/block_test.rb
214
- - test/integration/standard_filter_test.rb
215
- - test/integration/drop_test.rb
216
- - test/integration/error_handling_test.rb
217
204
  - test/integration/template_test.rb
218
- - test/integration/document_test.rb
219
- - test/integration/security_test.rb
220
- - test/integration/render_profiling_test.rb
221
- - test/integration/parsing_quirks_test.rb
222
- - test/integration/filter_test.rb
223
- - test/truffle/truffle_test.rb
224
- - test/fixtures/en_locale.yml
205
+ - test/integration/trim_mode_test.rb
206
+ - test/integration/variable_test.rb
225
207
  - test/test_helper.rb
208
+ - test/unit/block_unit_test.rb
209
+ - test/unit/condition_unit_test.rb
210
+ - test/unit/context_unit_test.rb
211
+ - test/unit/file_system_unit_test.rb
212
+ - test/unit/i18n_unit_test.rb
213
+ - test/unit/lexer_unit_test.rb
214
+ - test/unit/parser_unit_test.rb
215
+ - test/unit/regexp_unit_test.rb
216
+ - test/unit/strainer_unit_test.rb
217
+ - test/unit/tag_unit_test.rb
218
+ - test/unit/tags/case_tag_unit_test.rb
219
+ - test/unit/tags/for_tag_unit_test.rb
220
+ - test/unit/tags/if_tag_unit_test.rb
221
+ - test/unit/template_unit_test.rb
222
+ - test/unit/tokenizer_unit_test.rb
223
+ - test/unit/variable_unit_test.rb
@@ -1,5 +0,0 @@
1
- module Liquid
2
- module Truffle
3
-
4
- end
5
- end
@@ -1,9 +0,0 @@
1
- require 'test_helper'
2
-
3
- class TruffleTest < Minitest::Test
4
- include Liquid
5
-
6
- def test_truffle_works
7
-
8
- end
9
- end