Commit graph

1848 commits

Author SHA1 Message Date
Bjørn Erik Pedersen f4389e48ce
Add some basic security policies with sensible defaults
This commit contains some security hardening measures for the Hugo build runtime.

There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.

These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.

You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that does happen, you will get clear instructions in the log about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.

```toml
[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']
```
2021-12-16 09:40:22 +01:00
Bjørn Erik Pedersen 6183184b96
Merge commit '45e6fdb315d113ba13e20a633ed0c67e3f25170d' 2021-12-13 21:05:10 +01:00
Bjørn Erik Pedersen e86b331138
docs: Regenerate docs helper 2021-12-08 08:56:16 +01:00
Bjørn Erik Pedersen 6c841a691e
Merge commit '8d9511a08f14260cbfb73119e4afae50e5a9966d' 2021-12-08 08:54:25 +01:00
Bjørn Erik Pedersen e71d715b9b Add custom font support to images.Text
Fixes #9253
2021-12-07 16:53:02 +01:00
Paul van Brouwershaven 283394a4fd
images: Text filter that draws text with the given options (#9239)
Fixes #9238
2021-12-07 11:29:55 +01:00
Joe Mooring 5538507e90 tpl/transform: Optional options for highlight func
Closes #9249
Fixes gohugoio/hugoDocs#63
2021-12-07 11:26:56 +01:00
Paul van Brouwershaven 0eaaa8fee3
Implement XML data support
Example:

```
{{ with resources.Get "https://example.com/rss.xml" | transform.Unmarshal }}
    {{ range .channel.item }}
        <strong>{{ .title | plainify | htmlUnescape }}</strong><br />
        <p>{{ .description | plainify | htmlUnescape }}</p>
        {{ $link := .link | plainify | htmlUnescape }}
        <a href="{{ $link }}">{{ $link }}</a><br />
        <hr>
    {{ end }}
{{ end }}
```

Closes #4470
2021-12-02 17:30:36 +01:00
Paul van Brouwershaven 66753416b5
Make resources.Get use a file cache for remote resources
Closes #9228
2021-12-02 12:56:25 +01:00
Paul van Brouwershaven 8aa7257f65
Add remote support to resources.Get
Closes #5255
Supports #9044
2021-11-30 11:49:51 +01:00
hugoreleaser ab01ba6e7e releaser: Add release notes to /docs for release of 0.89.4
[ci skip]
2021-11-17 08:24:08 +00:00
hugoreleaser c88cdb5610 releaser: Add release notes to /docs for release of 0.89.3
[ci skip]
2021-11-15 12:17:45 +00:00
hugoreleaser 63e3a5ebb2 releaser: Add release notes to /docs for release of 0.89.2
[ci skip]
2021-11-08 15:22:23 +00:00
hugoreleaser b6a4ae4ad5 releaser: Add release notes to /docs for release of 0.89.1
[ci skip]
2021-11-05 15:44:32 +00:00
hugoreleaser ade966b84b releaser: Add release notes to /docs for release of 0.89.0
[ci skip]
2021-11-02 10:00:17 +00:00
Bjørn Erik Pedersen f503b63957
docs: Regen CLI docs 2021-11-02 09:01:26 +01:00
Joe Mooring 04a3b45db4 Fix description of lang.FormatNumberCustom
It currently refers to itself as a simple alternative, when it should
refer to lang.FormatNumber.
2021-11-01 18:54:43 +01:00
Joe Mooring 0cc39af682 Update Twitter shortcode oEmbed endpoint
The existing endpoint will be retired and removed on November 23, 2021.
References:

- https://twittercommunity.com/t/consolidating-the-oembed-functionality/154690
- https://developer.twitter.com/en/docs/twitter-for-websites/oembed-api#Embedded

This is a backward compatible change.

The existing endpoint requires a single parameter: the id of the tweet.

The new endpoint requires two parameters: the id of the tweet, and the
user with whom it is associated. For the moment, if you supply the wrong
user, the request will be redirected (with a small delay) to the correct
user/id pair. This behavior is undocumented, but we will take advantage
of it as Hugo site authors transition to the new syntax.

{{< tweet 1453110110599868418 >}} --> works, throws warning, deprecate at some point

{{< tweet user="SanDiegoZoo" id="1453110110599868418" >}} --> new syntax

Fixes #8130
2021-11-01 15:51:00 +01:00
Bjørn Erik Pedersen 4b36498a85
Merge commit 'aa5ac36a3eb68b86c803caec703869efefc8447e' 2021-10-31 13:53:55 +01:00
Bjørn Erik Pedersen 471ed91c60 hugofs: Add includeFiles and excludeFiles to mount configuration
Fixes #9042
2021-10-20 05:00:17 +02:00
Joe Mooring 64abc83fc4 Allow multiple plugins in the PostCSS options map
Usage:
{{ $options := dict "use" "autoprefixer postcss-color-alpha" }}
{{ $style := resources.Get "main.css" | resources.PostCSS $options }}

Fixes #9015
2021-10-10 11:11:43 +02:00
Joe Mooring f8d132d731
docs: Create path.Clean documentation
Related to #9005
2021-10-09 20:36:57 +02:00
hugoreleaser 5bc547389a releaser: Add release notes to /docs for release of 0.88.1
[ci skip]
2021-09-04 09:39:19 +00:00
hugoreleaser acc5eb5b51 releaser: Add release notes to /docs for release of 0.88.0
[ci skip]
2021-09-02 09:27:27 +00:00
Helder Pereira d966f5d08d highlight: Remove some pygments references 2021-08-21 15:50:49 +02:00
hugoreleaser b0c541e496 releaser: Add release notes to /docs for release of 0.87.0
[ci skip]
2021-08-03 10:57:26 +00:00
Bjørn Erik Pedersen 494f284be3
docs: Adjust config docs 2021-08-03 12:22:02 +02:00
Bjørn Erik Pedersen bf738d2f43
docs: Regen CLI docs 2021-08-03 11:55:02 +02:00
Bjørn Erik Pedersen 8d19850e2d
docs: Regen docs helper 2021-08-03 11:53:34 +02:00
Bjørn Erik Pedersen 0934983529
Merge commit 'bd77f6e1c99e04a476f0b1bb4e44569134e02399' into release-0.87.0 2021-08-03 11:52:57 +02:00
Bjørn Erik Pedersen 1c5b025dd0
docs: Adjust time zone docs 2021-08-03 11:51:28 +02:00
Bjørn Erik Pedersen 268065cb2d
Merge branch 'release-0.86.1' 2021-07-30 12:58:26 +02:00
hugoreleaser f6821b88ab releaser: Add release notes to /docs for release of 0.86.1
[ci skip]
2021-07-30 10:13:32 +00:00
Bjørn Erik Pedersen 7907d24ba1
tpl/lang: Add new localized versions of lang.FormatNumber etc.
Fixes #8820
2021-07-29 16:40:06 +02:00
Bjørn Erik Pedersen efa5760db5 Add timezone support for front matter dates without one
Fixes #8810
2021-07-27 19:02:48 +02:00
Bjørn Erik Pedersen a57dda854b Localize time.Format
Fixes #8797
2021-07-27 19:02:48 +02:00
hugoreleaser 41c6c52ead releaser: Add release notes to /docs for release of 0.86.0
[ci skip]
2021-07-21 09:53:11 +00:00
Bjørn Erik Pedersen 0294a4a4f8
Merge commit '53a352795a69a9d4a373f50ec62138595948c6ea' 2021-07-21 10:45:53 +02:00
Bjørn Erik Pedersen d831d2fce8 Simplify "active menu" logic for section menus
Fixes #8776
2021-07-20 17:50:59 +02:00
hugoreleaser 724d5db580 releaser: Add release notes to /docs for release of 0.85.0
[ci skip]
2021-07-05 10:46:25 +00:00
Bjørn Erik Pedersen e31b1d1946
commands: Make the --poll flag a duration
So you can do:

```
hugo server --poll 700ms
```

See #8720
2021-07-05 10:23:29 +02:00
Bjørn Erik Pedersen 43a23239b2
docs: Regen CLI docs 2021-07-04 16:35:21 +02:00
Bjørn Erik Pedersen 4479f09c9c
Merge commit '7eb0e10a80708c638554b8221a3120dc1168566c' 2021-07-04 16:34:53 +02:00
hugoreleaser 020e4acee4 releaser: Add release notes to /docs for release of 0.84.4
[ci skip]
2021-07-01 11:51:53 +00:00
hugoreleaser a1b0353ccb releaser: Add release notes to /docs for release of 0.84.3
[ci skip]
2021-06-29 11:40:19 +00:00
hugoreleaser e0c67958f1 releaser: Add release notes to /docs for release of 0.84.2
[ci skip]
2021-06-28 10:59:18 +00:00
Bjørn Erik Pedersen 40dfdd0952
modules: Add module.import.noMounts config
Fixes #8708
2021-06-28 10:39:52 +02:00
hugoreleaser 4bd65e224f releaser: Add release notes to /docs for release of 0.84.1
[ci skip]
2021-06-24 11:44:21 +00:00
Bjørn Erik Pedersen b70a12ec45
Merge commit '4dd90050f154c91373329a5d7e348289c40be12f' 2021-06-18 17:50:27 +02:00
hugoreleaser 2c4689f7b8 releaser: Add release notes to /docs for release of 0.84.0
[ci skip]
2021-06-18 14:55:51 +00:00