liquid 4.0.3 → 4.0.4
- checksums.yaml +4 -4
- data/History.md +5 -0
- data/lib/liquid/standardfilters.rb +1 -1
- data/lib/liquid/template.rb +2 -4
- data/lib/liquid/variable.rb +1 -24
- data/lib/liquid/version.rb +1 -1
- data/test/integration/drop_test.rb +1 -27
- data/test/integration/parse_tree_visitor_test.rb +1 -1
- data/test/test_helper.rb +0 -8
- data/test/unit/context_unit_test.rb +1 -0
- metadata +46 -48
- data/lib/liquid/truffle.rb +0 -5
- data/test/truffle/truffle_test.rb +0 -9
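--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ae99512510282650089e97c58625dcab92cbdedb2cc50c69c088e078e0290b78
+data.tar.gz: 69e457ce77a78d9fd682f8970938c35ed7c3dc4909bcebe40ef9049047c3f7c7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: daf900da795bd9bdce2109ca6afcb49ecc11bed0160545f7e937b7df249d75d76866e8e781e5b075965c5dfeafed36265872fc629086ae4954b94e513f6ed45e
+data.tar.gz: 69208388a33189f42b04dd02fccaeeb93cbd6bfd741c55092db939cee1675e503bf63bcf3d08e3927514d0217fe1017f1bbb8630ee506446468e09f0e6c19c56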
data/History.md
CHANGED
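--- a/data/lib/liquid/template.rb
+++ b/data/lib/liquid/template.rb
@@ -63,10 +63,7 @@ module Liquid
 # :strict will enforce correct syntax.
 attr_writer :error_mode
 
-#
-# :lax is the default, and ignores the taint flag completely
-# :warn adds a warning, but does not interrupt the rendering
-# :error raises an error when tainted output is used
+# Deprecated. No longer used. Removed in version 5
 attr_writer :taint_mode
 
 attr_accessor :default_exception_renderer
@@ -94,6 +91,7 @@ module Liquid
 @error_mode ||= :lax
 end
 
+# Deprecated. Removed in version 5
 def taint_mode
 @taint_mode ||= :lax
 end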
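Review bot: `attr_writer :taint_mode` stays in place with only a comment marking it deprecated, so an application that still sets `Liquid::Template.taint_mode = :error` or `:warn` gets no signal that the setting has stopped doing anything (the `taint_check` call is removed from lib/liquid/variable.rb in the same release). A setter that warns would surface this at configuration time, e.g. `def taint_mode=(mode); warn("Liquid::Template.taint_mode is deprecated and has no effect"); @taint_mode = mode; end`. The reader in the second hunk has the same problem: it still defaults to `:lax` as if the mode were meaningful, and its comment could say that the value is ignored. Both hunks sit inside a body that starts and ends outside the visible lines.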
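--- a/data/lib/liquid/variable.rb
+++ b/data/lib/liquid/variable.rb
@@ -84,11 +84,7 @@ module Liquid
 context.invoke(filter_name, output, *filter_args)
 end
 
-
-
-taint_check(context, obj)
-
-obj
+context.apply_global_filter(obj)
 end
 
 private
@@ -120,25 +116,6 @@ module Liquid
 parsed_args
 end
 
-def taint_check(context, obj)
-return unless obj.tainted?
-return if Template.taint_mode == :lax
-
-@markup =~ QuotedFragment
-name = Regexp.last_match(0)
-
-error = TaintedError.new("variable '#{name}' is tainted and was not escaped")
-error.line_number = line_number
-error.template_name = context.template_name
-
-case Template.taint_mode
-when :warn
-context.warnings << error
-when :error
-raise error
-end
-end
-
 class ParseTreeVisitor < Liquid::ParseTreeVisitor
 def children
 [@node.name] + @node.filters.flatten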
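Review bot: The new last expression of the render method, `context.apply_global_filter(obj)`, returns the value with no check that it was escaped, and the new code carries no comment saying so. I would add a comment above that line such as `# Output is not escaped or taint-checked here; untrusted values need the escape filter or a global filter.` so that readers do not assume the earlier `:warn`/`:error` behaviour still exists. The method's opening lines are outside the hunk, so how `obj` is first evaluated is not reviewed here.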
data/lib/liquid/version.rb
CHANGED
@@ -48,7 +48,7 @@ class ProductDrop < Liquid::Drop
|
|
48
48
|
end
|
49
49
|
|
50
50
|
def user_input
|
51
|
-
"foo"
|
51
|
+
"foo"
|
52
52
|
end
|
53
53
|
|
54
54
|
protected
|
@@ -112,32 +112,6 @@ class DropsTest < Minitest::Test
|
|
112
112
|
assert_equal ' ', tpl.render!('product' => ProductDrop.new)
|
113
113
|
end
|
114
114
|
|
115
|
-
def test_rendering_raises_on_tainted_attr
|
116
|
-
with_taint_mode(:error) do
|
117
|
-
tpl = Liquid::Template.parse('{{ product.user_input }}')
|
118
|
-
assert_raises TaintedError do
|
119
|
-
tpl.render!('product' => ProductDrop.new)
|
120
|
-
end
|
121
|
-
end
|
122
|
-
end
|
123
|
-
|
124
|
-
def test_rendering_warns_on_tainted_attr
|
125
|
-
with_taint_mode(:warn) do
|
126
|
-
tpl = Liquid::Template.parse('{{ product.user_input }}')
|
127
|
-
context = Context.new('product' => ProductDrop.new)
|
128
|
-
tpl.render!(context)
|
129
|
-
assert_equal [Liquid::TaintedError], context.warnings.map(&:class)
|
130
|
-
assert_equal "variable 'product.user_input' is tainted and was not escaped", context.warnings.first.to_s(false)
|
131
|
-
end
|
132
|
-
end
|
133
|
-
|
134
|
-
def test_rendering_doesnt_raise_on_escaped_tainted_attr
|
135
|
-
with_taint_mode(:error) do
|
136
|
-
tpl = Liquid::Template.parse('{{ product.user_input | escape }}')
|
137
|
-
tpl.render!('product' => ProductDrop.new)
|
138
|
-
end
|
139
|
-
end
|
140
|
-
|
141
115
|
def test_drop_does_only_respond_to_whitelisted_methods
|
142
116
|
assert_equal "", Liquid::Template.parse("{{ product.inspect }}").render!('product' => ProductDrop.new)
|
143
117
|
assert_equal "", Liquid::Template.parse("{{ product.pretty_inspect }}").render!('product' => ProductDrop.new)
|
@@ -238,7 +238,7 @@ class ParseTreeVisitorTest < Minitest::Test
|
|
238
238
|
def traversal(template)
|
239
239
|
ParseTreeVisitor
|
240
240
|
.for(Template.parse(template).root)
|
241
|
-
.add_callback_for(VariableLookup
|
241
|
+
.add_callback_for(VariableLookup) { |node| node.name } # rubocop:disable Style/SymbolProc
|
242
242
|
end
|
243
243
|
|
244
244
|
def visit(template)
|
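--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -69,14 +69,6 @@ module Minitest
 Liquid::Strainer.class_variable_set(:@@global_strainer, original_global_strainer)
 end
 
-def with_taint_mode(mode)
-old_mode = Liquid::Template.taint_mode
-Liquid::Template.taint_mode = mode
-yield
-ensure
-Liquid::Template.taint_mode = old_mode
-end
-
 def with_error_mode(mode)
 old_mode = Liquid::Template.error_mode
 Liquid::Template.error_mode = mode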
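--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: liquid
 version: !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.4
 platform: ruby
 authors:
 - Tobias Lütke
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 - !ruby/object:Gem::Dependency
 name: minitest
 requirement: !ruby/object:Gem::Requirement
@@ -96,7 +96,6 @@ files:
 - lib/liquid/tags/unless.rb
 - lib/liquid/template.rb
 - lib/liquid/tokenizer.rb
-- lib/liquid/truffle.rb
 - lib/liquid/utils.rb
 - lib/liquid/variable.rb
 - lib/liquid/variable_lookup.rb
@@ -133,7 +132,6 @@ files:
 - test/integration/trim_mode_test.rb
 - test/integration/variable_test.rb
 - test/test_helper.rb
-- test/truffle/truffle_test.rb
 - test/unit/block_unit_test.rb
 - test/unit/condition_unit_test.rb
 - test/unit/context_unit_test.rb
@@ -153,7 +151,8 @@ files:
 homepage: http://www.liquidmarkup.org
 licenses:
 - MIT
-metadata:
+metadata:
+allowed_push_host: https://rubygems.org
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -169,57 +168,56 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.3.7
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: A secure, non-evaling end user template engine with aesthetic markup.
 test_files:
-- test/
-- test/unit/block_unit_test.rb
-- test/unit/variable_unit_test.rb
-- test/unit/parser_unit_test.rb
-- test/unit/tags/if_tag_unit_test.rb
-- test/unit/tags/case_tag_unit_test.rb
-- test/unit/tags/for_tag_unit_test.rb
-- test/unit/context_unit_test.rb
-- test/unit/tokenizer_unit_test.rb
-- test/unit/tag_unit_test.rb
-- test/unit/i18n_unit_test.rb
-- test/unit/template_unit_test.rb
-- test/unit/condition_unit_test.rb
-- test/unit/file_system_unit_test.rb
-- test/unit/regexp_unit_test.rb
-- test/unit/strainer_unit_test.rb
-- test/integration/output_test.rb
-- test/integration/hash_ordering_test.rb
-- test/integration/variable_test.rb
-- test/integration/blank_test.rb
-- test/integration/parse_tree_visitor_test.rb
+- test/fixtures/en_locale.yml
 - test/integration/assign_test.rb
-- test/integration/
-- test/integration/
+- test/integration/blank_test.rb
+- test/integration/block_test.rb
 - test/integration/capture_test.rb
-- test/integration/
+- test/integration/context_test.rb
+- test/integration/document_test.rb
+- test/integration/drop_test.rb
+- test/integration/error_handling_test.rb
+- test/integration/filter_test.rb
+- test/integration/hash_ordering_test.rb
+- test/integration/output_test.rb
+- test/integration/parse_tree_visitor_test.rb
+- test/integration/parsing_quirks_test.rb
+- test/integration/render_profiling_test.rb
+- test/integration/security_test.rb
+- test/integration/standard_filter_test.rb
+- test/integration/tags/break_tag_test.rb
+- test/integration/tags/continue_tag_test.rb
 - test/integration/tags/for_tag_test.rb
-- test/integration/tags/
-- test/integration/tags/table_row_test.rb
+- test/integration/tags/if_else_tag_test.rb
 - test/integration/tags/include_tag_test.rb
+- test/integration/tags/increment_tag_test.rb
 - test/integration/tags/raw_tag_test.rb
+- test/integration/tags/standard_tag_test.rb
 - test/integration/tags/statements_test.rb
-- test/integration/tags/
+- test/integration/tags/table_row_test.rb
 - test/integration/tags/unless_else_tag_test.rb
-- test/integration/tags/continue_tag_test.rb
-- test/integration/tags/break_tag_test.rb
-- test/integration/block_test.rb
-- test/integration/standard_filter_test.rb
-- test/integration/drop_test.rb
-- test/integration/error_handling_test.rb
 - test/integration/template_test.rb
-- test/integration/
-- test/integration/
-- test/integration/render_profiling_test.rb
-- test/integration/parsing_quirks_test.rb
-- test/integration/filter_test.rb
-- test/truffle/truffle_test.rb
-- test/fixtures/en_locale.yml
+- test/integration/trim_mode_test.rb
+- test/integration/variable_test.rb
 - test/test_helper.rb
+- test/unit/block_unit_test.rb
+- test/unit/condition_unit_test.rb
+- test/unit/context_unit_test.rb
+- test/unit/file_system_unit_test.rb
+- test/unit/i18n_unit_test.rb
+- test/unit/lexer_unit_test.rb
+- test/unit/parser_unit_test.rb
+- test/unit/regexp_unit_test.rb
+- test/unit/strainer_unit_test.rb
+- test/unit/tag_unit_test.rb
+- test/unit/tags/case_tag_unit_test.rb
+- test/unit/tags/for_tag_unit_test.rb
+- test/unit/tags/if_tag_unit_test.rb
+- test/unit/template_unit_test.rb
+- test/unit/tokenizer_unit_test.rb
+- test/unit/variable_unit_test.rb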
data/lib/liquid/truffle.rb
DELETED