liquid 4.0.4 → 5.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/History.md +32 -4
- data/README.md +6 -0
- data/lib/liquid/block.rb +31 -14
- data/lib/liquid/block_body.rb +164 -54
- data/lib/liquid/condition.rb +39 -18
- data/lib/liquid/context.rb +106 -51
- data/lib/liquid/document.rb +47 -9
- data/lib/liquid/drop.rb +4 -2
- data/lib/liquid/errors.rb +20 -18
- data/lib/liquid/expression.rb +29 -34
- data/lib/liquid/extensions.rb +2 -0
- data/lib/liquid/file_system.rb +6 -4
- data/lib/liquid/forloop_drop.rb +11 -4
- data/lib/liquid/i18n.rb +5 -3
- data/lib/liquid/interrupts.rb +3 -1
- data/lib/liquid/lexer.rb +30 -23
- data/lib/liquid/locales/en.yml +3 -1
- data/lib/liquid/parse_context.rb +16 -4
- data/lib/liquid/parse_tree_visitor.rb +2 -2
- data/lib/liquid/parser.rb +30 -18
- data/lib/liquid/parser_switching.rb +17 -3
- data/lib/liquid/partial_cache.rb +24 -0
- data/lib/liquid/profiler/hooks.rb +26 -14
- data/lib/liquid/profiler.rb +67 -86
- data/lib/liquid/range_lookup.rb +5 -3
- data/lib/liquid/register.rb +6 -0
- data/lib/liquid/resource_limits.rb +47 -8
- data/lib/liquid/standardfilters.rb +62 -43
- data/lib/liquid/static_registers.rb +44 -0
- data/lib/liquid/strainer_factory.rb +36 -0
- data/lib/liquid/strainer_template.rb +53 -0
- data/lib/liquid/tablerowloop_drop.rb +6 -4
- data/lib/liquid/tag/disableable.rb +22 -0
- data/lib/liquid/tag/disabler.rb +21 -0
- data/lib/liquid/tag.rb +28 -6
- data/lib/liquid/tags/assign.rb +24 -10
- data/lib/liquid/tags/break.rb +8 -3
- data/lib/liquid/tags/capture.rb +11 -8
- data/lib/liquid/tags/case.rb +33 -27
- data/lib/liquid/tags/comment.rb +5 -3
- data/lib/liquid/tags/continue.rb +8 -3
- data/lib/liquid/tags/cycle.rb +25 -14
- data/lib/liquid/tags/decrement.rb +6 -3
- data/lib/liquid/tags/echo.rb +26 -0
- data/lib/liquid/tags/for.rb +68 -44
- data/lib/liquid/tags/if.rb +35 -23
- data/lib/liquid/tags/ifchanged.rb +11 -10
- data/lib/liquid/tags/include.rb +34 -47
- data/lib/liquid/tags/increment.rb +7 -3
- data/lib/liquid/tags/raw.rb +14 -11
- data/lib/liquid/tags/render.rb +84 -0
- data/lib/liquid/tags/table_row.rb +23 -19
- data/lib/liquid/tags/unless.rb +15 -15
- data/lib/liquid/template.rb +55 -69
- data/lib/liquid/template_factory.rb +9 -0
- data/lib/liquid/tokenizer.rb +17 -9
- data/lib/liquid/usage.rb +8 -0
- data/lib/liquid/utils.rb +5 -3
- data/lib/liquid/variable.rb +47 -19
- data/lib/liquid/variable_lookup.rb +8 -6
- data/lib/liquid/version.rb +2 -1
- data/lib/liquid.rb +17 -5
- data/test/integration/assign_test.rb +74 -5
- data/test/integration/blank_test.rb +11 -8
- data/test/integration/block_test.rb +47 -1
- data/test/integration/capture_test.rb +18 -10
- data/test/integration/context_test.rb +608 -5
- data/test/integration/document_test.rb +4 -2
- data/test/integration/drop_test.rb +67 -57
- data/test/integration/error_handling_test.rb +73 -61
- data/test/integration/expression_test.rb +46 -0
- data/test/integration/filter_test.rb +53 -42
- data/test/integration/hash_ordering_test.rb +5 -3
- data/test/integration/output_test.rb +26 -24
- data/test/integration/parsing_quirks_test.rb +19 -7
- data/test/integration/{render_profiling_test.rb → profiler_test.rb} +84 -25
- data/test/integration/security_test.rb +30 -21
- data/test/integration/standard_filter_test.rb +339 -281
- data/test/integration/tag/disableable_test.rb +59 -0
- data/test/integration/tag_test.rb +45 -0
- data/test/integration/tags/break_tag_test.rb +4 -2
- data/test/integration/tags/continue_tag_test.rb +4 -2
- data/test/integration/tags/echo_test.rb +13 -0
- data/test/integration/tags/for_tag_test.rb +107 -51
- data/test/integration/tags/if_else_tag_test.rb +5 -3
- data/test/integration/tags/include_tag_test.rb +70 -54
- data/test/integration/tags/increment_tag_test.rb +4 -2
- data/test/integration/tags/liquid_tag_test.rb +116 -0
- data/test/integration/tags/raw_tag_test.rb +14 -11
- data/test/integration/tags/render_tag_test.rb +213 -0
- data/test/integration/tags/standard_tag_test.rb +38 -31
- data/test/integration/tags/statements_test.rb +23 -21
- data/test/integration/tags/table_row_test.rb +2 -0
- data/test/integration/tags/unless_else_tag_test.rb +4 -2
- data/test/integration/template_test.rb +118 -124
- data/test/integration/trim_mode_test.rb +78 -44
- data/test/integration/variable_test.rb +43 -32
- data/test/test_helper.rb +75 -14
- data/test/unit/block_unit_test.rb +19 -24
- data/test/unit/condition_unit_test.rb +79 -77
- data/test/unit/file_system_unit_test.rb +6 -4
- data/test/unit/i18n_unit_test.rb +7 -5
- data/test/unit/lexer_unit_test.rb +11 -9
- data/test/{integration → unit}/parse_tree_visitor_test.rb +1 -1
- data/test/unit/parser_unit_test.rb +37 -35
- data/test/unit/partial_cache_unit_test.rb +128 -0
- data/test/unit/regexp_unit_test.rb +17 -15
- data/test/unit/static_registers_unit_test.rb +156 -0
- data/test/unit/strainer_factory_unit_test.rb +100 -0
- data/test/unit/strainer_template_unit_test.rb +82 -0
- data/test/unit/tag_unit_test.rb +5 -3
- data/test/unit/tags/case_tag_unit_test.rb +3 -1
- data/test/unit/tags/for_tag_unit_test.rb +4 -2
- data/test/unit/tags/if_tag_unit_test.rb +3 -1
- data/test/unit/template_factory_unit_test.rb +12 -0
- data/test/unit/template_unit_test.rb +19 -10
- data/test/unit/tokenizer_unit_test.rb +19 -17
- data/test/unit/variable_unit_test.rb +51 -49
- metadata +75 -47
- data/lib/liquid/strainer.rb +0 -66
- data/test/unit/context_unit_test.rb +0 -490
- data/test/unit/strainer_unit_test.rb +0 -164
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
module SecurityFilter
|
@@ -14,65 +16,72 @@ class SecurityTest < Minitest::Test
|
|
14
16
|
end
|
15
17
|
|
16
18
|
def test_no_instance_eval
|
17
|
-
text
|
19
|
+
text = %( {{ '1+1' | instance_eval }} )
|
18
20
|
expected = %( 1+1 )
|
19
21
|
|
20
|
-
assert_equal
|
22
|
+
assert_equal(expected, Template.parse(text).render!(@assigns))
|
21
23
|
end
|
22
24
|
|
23
25
|
def test_no_existing_instance_eval
|
24
|
-
text
|
26
|
+
text = %( {{ '1+1' | __instance_eval__ }} )
|
25
27
|
expected = %( 1+1 )
|
26
28
|
|
27
|
-
assert_equal
|
29
|
+
assert_equal(expected, Template.parse(text).render!(@assigns))
|
28
30
|
end
|
29
31
|
|
30
32
|
def test_no_instance_eval_after_mixing_in_new_filter
|
31
|
-
text
|
33
|
+
text = %( {{ '1+1' | instance_eval }} )
|
32
34
|
expected = %( 1+1 )
|
33
35
|
|
34
|
-
assert_equal
|
36
|
+
assert_equal(expected, Template.parse(text).render!(@assigns))
|
35
37
|
end
|
36
38
|
|
37
39
|
def test_no_instance_eval_later_in_chain
|
38
|
-
text
|
40
|
+
text = %( {{ '1+1' | add_one | instance_eval }} )
|
39
41
|
expected = %( 1+1 + 1 )
|
40
42
|
|
41
|
-
assert_equal
|
43
|
+
assert_equal(expected, Template.parse(text).render!(@assigns, filters: SecurityFilter))
|
42
44
|
end
|
43
45
|
|
44
|
-
def
|
46
|
+
def test_does_not_permanently_add_filters_to_symbol_table
|
45
47
|
current_symbols = Symbol.all_symbols
|
46
48
|
|
47
|
-
|
49
|
+
# MRI imprecisely marks objects found on the C stack, which can result
|
50
|
+
# in uninitialized memory being marked. This can even result in the test failing
|
51
|
+
# deterministically for a given compilation of ruby. Using a separate thread will
|
52
|
+
# keep these writes of the symbol pointer on a separate stack that will be garbage
|
53
|
+
# collected after Thread#join.
|
54
|
+
Thread.new do
|
55
|
+
test = %( {{ "some_string" | a_bad_filter }} )
|
56
|
+
Template.parse(test).render!
|
57
|
+
nil
|
58
|
+
end.join
|
48
59
|
|
49
|
-
|
50
|
-
assert_equal [], (Symbol.all_symbols - current_symbols)
|
60
|
+
GC.start
|
51
61
|
|
52
|
-
|
53
|
-
assert_equal [], (Symbol.all_symbols - current_symbols)
|
62
|
+
assert_equal([], (Symbol.all_symbols - current_symbols))
|
54
63
|
end
|
55
64
|
|
56
65
|
def test_does_not_add_drop_methods_to_symbol_table
|
57
66
|
current_symbols = Symbol.all_symbols
|
58
67
|
|
59
68
|
assigns = { 'drop' => Drop.new }
|
60
|
-
assert_equal
|
61
|
-
assert_equal
|
62
|
-
assert_equal
|
69
|
+
assert_equal("", Template.parse("{{ drop.custom_method_1 }}", assigns).render!)
|
70
|
+
assert_equal("", Template.parse("{{ drop.custom_method_2 }}", assigns).render!)
|
71
|
+
assert_equal("", Template.parse("{{ drop.custom_method_3 }}", assigns).render!)
|
63
72
|
|
64
|
-
assert_equal
|
73
|
+
assert_equal([], (Symbol.all_symbols - current_symbols))
|
65
74
|
end
|
66
75
|
|
67
76
|
def test_max_depth_nested_blocks_does_not_raise_exception
|
68
77
|
depth = Liquid::Block::MAX_DEPTH
|
69
|
-
code
|
70
|
-
assert_equal
|
78
|
+
code = "{% if true %}" * depth + "rendered" + "{% endif %}" * depth
|
79
|
+
assert_equal("rendered", Template.parse(code).render!)
|
71
80
|
end
|
72
81
|
|
73
82
|
def test_more_than_max_depth_nested_blocks_raises_exception
|
74
83
|
depth = Liquid::Block::MAX_DEPTH + 1
|
75
|
-
code
|
84
|
+
code = "{% if true %}" * depth + "rendered" + "{% endif %}" * depth
|
76
85
|
assert_raises(Liquid::StackLevelError) do
|
77
86
|
Template.parse(code).render!
|
78
87
|
end
|