liquid 5.1.0 → 5.4.0
- checksums.yaml +4 -4
- data/History.md +35 -0
- data/README.md +4 -4
- data/lib/liquid/block_body.rb +6 -6
- data/lib/liquid/condition.rb +7 -1
- data/lib/liquid/context.rb +6 -2
- data/lib/liquid/expression.rb +11 -10
- data/lib/liquid/forloop_drop.rb +44 -1
- data/lib/liquid/locales/en.yml +6 -5
- data/lib/liquid/partial_cache.rb +3 -3
- data/lib/liquid/registers.rb +51 -0
- data/lib/liquid/standardfilters.rb +463 -75
- data/lib/liquid/strainer_factory.rb +15 -10
- data/lib/liquid/strainer_template.rb +9 -0
- data/lib/liquid/tablerowloop_drop.rb +58 -1
- data/lib/liquid/tags/assign.rb +12 -8
- data/lib/liquid/tags/break.rb +8 -0
- data/lib/liquid/tags/capture.rb +13 -10
- data/lib/liquid/tags/case.rb +21 -0
- data/lib/liquid/tags/comment.rb +13 -0
- data/lib/liquid/tags/continue.rb +8 -9
- data/lib/liquid/tags/cycle.rb +12 -11
- data/lib/liquid/tags/decrement.rb +16 -17
- data/lib/liquid/tags/echo.rb +16 -9
- data/lib/liquid/tags/for.rb +22 -43
- data/lib/liquid/tags/if.rb +11 -9
- data/lib/liquid/tags/include.rb +15 -13
- data/lib/liquid/tags/increment.rb +16 -14
- data/lib/liquid/tags/inline_comment.rb +43 -0
- data/lib/liquid/tags/raw.rb +11 -0
- data/lib/liquid/tags/render.rb +29 -4
- data/lib/liquid/tags/table_row.rb +22 -0
- data/lib/liquid/tags/unless.rb +15 -4
- data/lib/liquid/template.rb +2 -3
- data/lib/liquid/variable.rb +4 -4
- data/lib/liquid/variable_lookup.rb +10 -7
- data/lib/liquid/version.rb +1 -1
- data/lib/liquid.rb +4 -4
- metadata +7 -121
- data/lib/liquid/register.rb +0 -6
- data/lib/liquid/static_registers.rb +0 -44
- data/test/fixtures/en_locale.yml +0 -9
- data/test/integration/assign_test.rb +0 -117
- data/test/integration/blank_test.rb +0 -109
- data/test/integration/block_test.rb +0 -58
- data/test/integration/capture_test.rb +0 -58
- data/test/integration/context_test.rb +0 -636
- data/test/integration/document_test.rb +0 -21
- data/test/integration/drop_test.rb +0 -257
- data/test/integration/error_handling_test.rb +0 -272
- data/test/integration/expression_test.rb +0 -46
- data/test/integration/filter_test.rb +0 -189
- data/test/integration/hash_ordering_test.rb +0 -25
- data/test/integration/output_test.rb +0 -125
- data/test/integration/parsing_quirks_test.rb +0 -134
- data/test/integration/profiler_test.rb +0 -213
- data/test/integration/security_test.rb +0 -89
- data/test/integration/standard_filter_test.rb +0 -880
- data/test/integration/tag/disableable_test.rb +0 -59
- data/test/integration/tag_test.rb +0 -45
- data/test/integration/tags/break_tag_test.rb +0 -17
- data/test/integration/tags/continue_tag_test.rb +0 -17
- data/test/integration/tags/echo_test.rb +0 -13
- data/test/integration/tags/for_tag_test.rb +0 -466
- data/test/integration/tags/if_else_tag_test.rb +0 -190
- data/test/integration/tags/include_tag_test.rb +0 -269
- data/test/integration/tags/increment_tag_test.rb +0 -25
- data/test/integration/tags/liquid_tag_test.rb +0 -116
- data/test/integration/tags/raw_tag_test.rb +0 -34
- data/test/integration/tags/render_tag_test.rb +0 -213
- data/test/integration/tags/standard_tag_test.rb +0 -303
- data/test/integration/tags/statements_test.rb +0 -113
- data/test/integration/tags/table_row_test.rb +0 -66
- data/test/integration/tags/unless_else_tag_test.rb +0 -28
- data/test/integration/template_test.rb +0 -340
- data/test/integration/trim_mode_test.rb +0 -563
- data/test/integration/variable_test.rb +0 -138
- data/test/test_helper.rb +0 -207
- data/test/unit/block_unit_test.rb +0 -53
- data/test/unit/condition_unit_test.rb +0 -168
- data/test/unit/file_system_unit_test.rb +0 -37
- data/test/unit/i18n_unit_test.rb +0 -39
- data/test/unit/lexer_unit_test.rb +0 -53
- data/test/unit/parse_tree_visitor_test.rb +0 -261
- data/test/unit/parser_unit_test.rb +0 -84
- data/test/unit/partial_cache_unit_test.rb +0 -128
- data/test/unit/regexp_unit_test.rb +0 -46
- data/test/unit/static_registers_unit_test.rb +0 -156
- data/test/unit/strainer_factory_unit_test.rb +0 -100
- data/test/unit/strainer_template_unit_test.rb +0 -82
- data/test/unit/tag_unit_test.rb +0 -23
- data/test/unit/tags/case_tag_unit_test.rb +0 -12
- data/test/unit/tags/for_tag_unit_test.rb +0 -15
- data/test/unit/tags/if_tag_unit_test.rb +0 -10
- data/test/unit/template_factory_unit_test.rb +0 -12
- data/test/unit/template_unit_test.rb +0 -87
- data/test/unit/tokenizer_unit_test.rb +0 -62
- data/test/unit/variable_unit_test.rb +0 -164
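--- a/data/test/integration/security_test.rb
+++ b/data/test/integration/security_test.rb
@@ -1,89 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-module SecurityFilter
-def add_one(input)
-"#{input} + 1"
-end
-end
-
-class SecurityTest < Minitest::Test
-include Liquid
-
-def setup
-@assigns = {}
-end
-
-def test_no_instance_eval
-text = %( {{ '1+1' | instance_eval }} )
-expected = %( 1+1 )
-
-assert_equal(expected, Template.parse(text).render!(@assigns))
-end
-
-def test_no_existing_instance_eval
-text = %( {{ '1+1' | __instance_eval__ }} )
-expected = %( 1+1 )
-
-assert_equal(expected, Template.parse(text).render!(@assigns))
-end
-
-def test_no_instance_eval_after_mixing_in_new_filter
-text = %( {{ '1+1' | instance_eval }} )
-expected = %( 1+1 )
-
-assert_equal(expected, Template.parse(text).render!(@assigns))
-end
-
-def test_no_instance_eval_later_in_chain
-text = %( {{ '1+1' | add_one | instance_eval }} )
-expected = %( 1+1 + 1 )
-
-assert_equal(expected, Template.parse(text).render!(@assigns, filters: SecurityFilter))
-end
-
-def test_does_not_permanently_add_filters_to_symbol_table
-current_symbols = Symbol.all_symbols
-
-# MRI imprecisely marks objects found on the C stack, which can result
-# in uninitialized memory being marked. This can even result in the test failing
-# deterministically for a given compilation of ruby. Using a separate thread will
-# keep these writes of the symbol pointer on a separate stack that will be garbage
-# collected after Thread#join.
-Thread.new do
-test = %( {{ "some_string" | a_bad_filter }} )
-Template.parse(test).render!
-nil
-end.join
-
-GC.start
-
-assert_equal([], (Symbol.all_symbols - current_symbols))
-end
-
-def test_does_not_add_drop_methods_to_symbol_table
-current_symbols = Symbol.all_symbols
-
-assigns = { 'drop' => Drop.new }
-assert_equal("", Template.parse("{{ drop.custom_method_1 }}", assigns).render!)
-assert_equal("", Template.parse("{{ drop.custom_method_2 }}", assigns).render!)
-assert_equal("", Template.parse("{{ drop.custom_method_3 }}", assigns).render!)
-
-assert_equal([], (Symbol.all_symbols - current_symbols))
-end
-
-def test_max_depth_nested_blocks_does_not_raise_exception
-depth = Liquid::Block::MAX_DEPTH
-code = "{% if true %}" * depth + "rendered" + "{% endif %}" * depth
-assert_equal("rendered", Template.parse(code).render!)
-end
-
-def test_more_than_max_depth_nested_blocks_raises_exception
-depth = Liquid::Block::MAX_DEPTH + 1
-code = "{% if true %}" * depth + "rendered" + "{% endif %}" * depth
-assert_raises(Liquid::StackLevelError) do
-Template.parse(code).render!
-end
-end
-end # SecurityTest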