mirror of
https://github.com/gohugoio/hugo.git
synced 2024-05-10 19:47:13 +00:00
Compare commits
11 commits
40efe98b49
...
e895dbffeb
Author | SHA1 | Date | |
---|---|---|---|
e895dbffeb | |||
fb084390cd | |||
fb51b698b3 | |||
6b867972ec | |||
509ab08c1b | |||
2d75f539e1 | |||
15a4b9b337 | |||
10a8448eee | |||
722c486a34 | |||
f40f50ead0 | |||
c7161b0117 |
2
LICENSE
2
LICENSE
|
@ -186,7 +186,7 @@
|
|||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright 2022 The Hugo Authors.
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
|
||||
Please report (suspected) security vulnerabilities to **[bjorn.erik.pedersen@gmail.com](mailto:bjorn.erik.pedersen@gmail.com)**. You will receive a response from us within 48 hours. If we can confirm the issue, we will release a patch as soon as possible depending on the complexity of the issue but historically within days.
|
||||
|
||||
Also see [Hugo's Security Model](https://gohugo.io/about/security-model/).
|
||||
Also see [Hugo's Security Model](https://gohugo.io/about/security/).
|
||||
|
|
6
go.mod
6
go.mod
|
@ -5,7 +5,7 @@ require (
|
|||
github.com/alecthomas/chroma/v2 v2.13.0
|
||||
github.com/armon/go-radix v1.0.1-0.20221118154546-54df44f2176c
|
||||
github.com/aws/aws-sdk-go-v2 v1.26.1
|
||||
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.35.4
|
||||
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.0
|
||||
github.com/bep/clocks v0.5.0
|
||||
github.com/bep/debounce v1.2.0
|
||||
github.com/bep/gitmap v1.1.2
|
||||
|
@ -64,8 +64,8 @@ require (
|
|||
github.com/spf13/cobra v1.8.0
|
||||
github.com/spf13/fsync v0.10.1
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/tdewolff/minify/v2 v2.20.19
|
||||
github.com/tdewolff/parse/v2 v2.7.12
|
||||
github.com/tdewolff/minify/v2 v2.20.20
|
||||
github.com/tdewolff/parse/v2 v2.7.13
|
||||
github.com/yuin/goldmark v1.7.1
|
||||
github.com/yuin/goldmark-emoji v1.0.2
|
||||
go.uber.org/automaxprocs v1.5.3
|
||||
|
|
12
go.sum
12
go.sum
|
@ -94,8 +94,8 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsM
|
|||
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
|
||||
github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9 h1:ugD6qzjYtB7zM5PN/ZIeaAIyefPaD82G8+SJopgvUpw=
|
||||
github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9/go.mod h1:YD0aYBWCrPENpHolhKw2XDlTIWae2GKXT1T4o6N6hiM=
|
||||
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.35.4 h1:a4gfRHHCzvV0jEjOUdZOK0oJ4H21x5WT+E4ucWk4jeM=
|
||||
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.35.4/go.mod h1:Pphkts8iBnexoEpcMti5fUvN3/yoGRLtl2heOeppF70=
|
||||
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.0 h1:KbT1H0KXc26/M6km03gBWz5v1M5aOq4Cwo+aXJ2BpfM=
|
||||
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.0/go.mod h1:Pphkts8iBnexoEpcMti5fUvN3/yoGRLtl2heOeppF70=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9 h1:/90OR2XbSYfXucBMJ4U14wrjlfleq/0SB6dZDPncgmo=
|
||||
|
@ -429,10 +429,10 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
|
|||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
|
||||
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/tdewolff/minify/v2 v2.20.19 h1:tX0SR0LUrIqGoLjXnkIzRSIbKJ7PaNnSENLD4CyH6Xo=
|
||||
github.com/tdewolff/minify/v2 v2.20.19/go.mod h1:ulkFoeAVWMLEyjuDz1ZIWOA31g5aWOawCFRp9R/MudM=
|
||||
github.com/tdewolff/parse/v2 v2.7.12 h1:tgavkHc2ZDEQVKy1oWxwIyh5bP4F5fEh/JmBwPP/3LQ=
|
||||
github.com/tdewolff/parse/v2 v2.7.12/go.mod h1:3FbJWZp3XT9OWVN3Hmfp0p/a08v4h8J9W1aghka0soA=
|
||||
github.com/tdewolff/minify/v2 v2.20.20 h1:vhULb+VsW2twkplgsawAoUY957efb+EdiZ7zu5fUhhk=
|
||||
github.com/tdewolff/minify/v2 v2.20.20/go.mod h1:GYaLXFpIIwsX99apQHXfGdISUdlA98wmaoWxjT9C37k=
|
||||
github.com/tdewolff/parse/v2 v2.7.13 h1:iSiwOUkCYLNfapHoqdLcqZVgvQ0jrsao8YYKP/UJYTI=
|
||||
github.com/tdewolff/parse/v2 v2.7.13/go.mod h1:3FbJWZp3XT9OWVN3Hmfp0p/a08v4h8J9W1aghka0soA=
|
||||
github.com/tdewolff/test v1.0.11-0.20231101010635-f1265d231d52/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
|
||||
github.com/tdewolff/test v1.0.11-0.20240106005702-7de5f7df4739 h1:IkjBCtQOOjIn03u/dMQK9g+Iw9ewps4mCl1nB8Sscbo=
|
||||
github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
package hugolib
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
@ -241,3 +242,52 @@ iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAA
|
|||
"p1|<p><a href=\"p2\">P2</a>", "<img src=\"pixel.png\" alt=\"Pixel\">")
|
||||
})
|
||||
}
|
||||
|
||||
func TestRenderHooksDefaultEscape(t *testing.T) {
|
||||
files := `
|
||||
-- hugo.toml --
|
||||
[markup.goldmark.renderHooks]
|
||||
[markup.goldmark.renderHooks.image]
|
||||
enableDefault = ENABLE
|
||||
[markup.goldmark.renderHooks.link]
|
||||
enableDefault = ENABLE
|
||||
[markup.goldmark.parser]
|
||||
wrapStandAloneImageWithinParagraph = false
|
||||
[markup.goldmark.parser.attribute]
|
||||
block = true
|
||||
title = true
|
||||
-- content/_index.md --
|
||||
---
|
||||
title: "Home"
|
||||
---
|
||||
Link: [text-"<>&](/destination-"<> 'title-"<>&')
|
||||
|
||||
Image: ![alt-"<>&](/destination-"<> 'title-"<>&')
|
||||
{class="><script>alert()</script>" id="baz"}
|
||||
|
||||
-- layouts/index.html --
|
||||
{{ .Content }}
|
||||
`
|
||||
|
||||
for _, enabled := range []bool{true, false} {
|
||||
enabled := enabled
|
||||
t.Run(fmt.Sprint(enabled), func(t *testing.T) {
|
||||
t.Parallel()
|
||||
b := Test(t, strings.ReplaceAll(files, "ENABLE", fmt.Sprint(enabled)))
|
||||
|
||||
// The escaping is slightly different between the two.
|
||||
if enabled {
|
||||
b.AssertFileContent("public/index.html",
|
||||
"Link: <a href=\"/destination-%22%3C%3E\" title=\"title-"<>&\">text-"<>&</a>",
|
||||
"img alt=\"alt-"<>&\" src=\"/destination-%22%3C%3E\" title=\"title-"<>&\">",
|
||||
"><script>",
|
||||
)
|
||||
} else {
|
||||
b.AssertFileContent("public/index.html",
|
||||
"Link: <a href=\"/destination-%22%3C%3E\" title=\"title-"<>&\">text-"<>&</a>",
|
||||
"Image: <img src=\"/destination-%22%3C%3E\" alt=\"alt-"<>&\" title=\"title-"<>&\">",
|
||||
)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -175,7 +175,7 @@ func (pco *pageContentOutput) RenderShortcodes(ctx context.Context) (template.HT
|
|||
// This content will be parsed and rendered by Goldmark.
|
||||
// Wrap it in a special Hugo markup to assign the correct Page from
|
||||
// the stack.
|
||||
c = hugocontext.Wrap(c, pco.po.p.pid)
|
||||
return template.HTML(hugocontext.Wrap(c, pco.po.p.pid)), nil
|
||||
}
|
||||
|
||||
return helpers.BytesToHTML(c), nil
|
||||
|
|
|
@ -34,7 +34,7 @@ func New() goldmark.Extender {
|
|||
|
||||
// Wrap wraps the given byte slice in a Hugo context that used to determine the correct Page
|
||||
// in .RenderShortcodes.
|
||||
func Wrap(b []byte, pid uint64) []byte {
|
||||
func Wrap(b []byte, pid uint64) string {
|
||||
buf := bufferpool.GetBuffer()
|
||||
defer bufferpool.PutBuffer(buf)
|
||||
buf.Write(prefix)
|
||||
|
@ -45,7 +45,7 @@ func Wrap(b []byte, pid uint64) []byte {
|
|||
buf.Write(b)
|
||||
buf.Write(prefix)
|
||||
buf.Write(closingDelimAndNewline)
|
||||
return buf.Bytes()
|
||||
return buf.String()
|
||||
}
|
||||
|
||||
var kindHugoContext = ast.NewNodeKind("HugoContext")
|
||||
|
|
|
@ -24,7 +24,7 @@ func TestWrap(t *testing.T) {
|
|||
|
||||
b := []byte("test")
|
||||
|
||||
c.Assert(string(Wrap(b, 42)), qt.Equals, "{{__hugo_ctx pid=42}}\ntest{{__hugo_ctx/}}\n")
|
||||
c.Assert(Wrap(b, 42), qt.Equals, "{{__hugo_ctx pid=42}}\ntest{{__hugo_ctx/}}\n")
|
||||
}
|
||||
|
||||
func BenchmarkWrap(b *testing.B) {
|
||||
|
|
|
@ -261,7 +261,10 @@ func (c *collector) add(owner *moduleAdapter, moduleImport Import) (*moduleAdapt
|
|||
// This will select the latest release-version (not beta etc.).
|
||||
versionQuery = "upgrade"
|
||||
}
|
||||
if err := c.Get(fmt.Sprintf("%s@%s", modulePath, versionQuery)); err != nil {
|
||||
|
||||
// Note that we cannot use c.Get for this, as that may
|
||||
// trigger a new module collection and potentially create a infinite loop.
|
||||
if err := c.get(fmt.Sprintf("%s@%s", modulePath, versionQuery)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := c.loadModules(); err != nil {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
{{- $src = .RelPermalink -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $attributes := merge .Attributes (dict "alt" .Text "src" $src "title" .Title) -}}
|
||||
{{- $attributes := merge .Attributes (dict "alt" .Text "src" $src "title" (.Title | transform.HTMLEscape)) -}}
|
||||
<img
|
||||
{{- range $k, $v := $attributes -}}
|
||||
{{- if $v -}}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $attributes := dict "href" $href "title" .Title -}}
|
||||
{{- $attributes := dict "href" $href "title" (.Title | transform.HTMLEscape) -}}
|
||||
<a
|
||||
{{- range $k, $v := $attributes -}}
|
||||
{{- if $v -}}
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
<title>{{ if eq .Title .Site.Title }}{{ .Site.Title }}{{ else }}{{ with .Title }}{{ . }} on {{ end }}{{ .Site.Title }}{{ end }}</title>
|
||||
<link>{{ .Permalink }}</link>
|
||||
<description>Recent content {{ if ne .Title .Site.Title }}{{ with .Title }}in {{ . }} {{ end }}{{ end }}on {{ .Site.Title }}</description>
|
||||
<generator>Hugo {{ hugo.Version }}</generator>
|
||||
<generator>Hugo</generator>
|
||||
<language>{{ site.Language.LanguageCode }}</language>{{ with $authorEmail }}
|
||||
<managingEditor>{{.}}{{ with $authorName }} ({{ . }}){{ end }}</managingEditor>{{ end }}{{ with $authorEmail }}
|
||||
<webMaster>{{ . }}{{ with $authorName }} ({{ . }}){{ end }}</webMaster>{{ end }}{{ with .Site.Copyright }}
|
||||
|
|
|
@ -4,11 +4,11 @@
|
|||
<meta property="og:site_name" content="{{ . }}">
|
||||
{{- end }}
|
||||
|
||||
{{- with or .Title site.Title site.Params.title | plainify}}
|
||||
{{- with or .Title site.Title site.Params.title | plainify }}
|
||||
<meta property="og:title" content="{{ . }}">
|
||||
{{- end }}
|
||||
|
||||
{{- with or .Description .Summary site.Params.description | plainify }}
|
||||
{{- with or .Description .Summary site.Params.description | plainify | htmlUnescape | chomp }}
|
||||
<meta property="og:description" content="{{ . }}">
|
||||
{{- end }}
|
||||
|
||||
|
@ -18,7 +18,9 @@
|
|||
|
||||
{{- if .IsPage }}
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="{{ .Section }}">
|
||||
{{- with .Section }}
|
||||
<meta property="article:section" content="{{ . }}">
|
||||
{{- end }}
|
||||
{{- $ISO8601 := "2006-01-02T15:04:05-07:00" }}
|
||||
{{- with .PublishDate }}
|
||||
<meta property="article:published_time" {{ .Format $ISO8601 | printf "content=%q" | safeHTMLAttr }}>
|
||||
|
|
|
@ -8,10 +8,10 @@ Renders an embedded YouTube video.
|
|||
@param {int} [end] The time, measured in seconds from the start of the video, when the player should stop playing the video.
|
||||
@param {string} [id] The video id. Optional if the id is provided as first positional argument.
|
||||
@param {string} [loading=eager] The loading attribute of the iframe element.
|
||||
@param {bool} [loop=false] Whether to indefinitely repeat the video.
|
||||
@param {bool} [loop=false] Whether to indefinitely repeat the video. Ignores the start and end arguments after the first play.
|
||||
@param {bool} [mute=false] Whether to mute the video. Always true when autoplay is true.
|
||||
@param {int} [start] The time, measured in seconds from the start of the video, when the player should start playing the video.
|
||||
@param {string} [title] The title attribute of the iframe element. Defaults to the title returned by YouTube oEmbed API.
|
||||
@param {string} [title] The title attribute of the iframe element. Defaults to "YouTube video".
|
||||
|
||||
@returns {template.HTML}
|
||||
|
||||
|
@ -26,20 +26,6 @@ Renders an embedded YouTube video.
|
|||
{{- if not $pc.Disable }}
|
||||
{{- with $id := or (.Get "id") (.Get 0) }}
|
||||
|
||||
{{- /* Get data from the YouTube oEmbed API. */}}
|
||||
{{- $q := querify "url" (printf "https://www.youtube.com/watch?v=%s" $id) "format" "json" }}
|
||||
{{- $url := printf "https://www.youtube.com/oembed?%s" $q }}
|
||||
{{- $data := dict }}
|
||||
{{- with resources.GetRemote $url }}
|
||||
{{- with .Err }}
|
||||
{{- erroridf $remoteErrID "The %q shortcode was unable to get remote resource %q. %s. See %s" $.Name $url . $.Position }}
|
||||
{{- else }}
|
||||
{{- $data = .Content | transform.Unmarshal }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- erroridf $remoteErrID "The %q shortcode was unable to get remote resource %q. See %s" $.Name $url $.Position }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Set defaults. */}}
|
||||
{{- $allowFullScreen := "allowfullscreen" }}
|
||||
{{- $autoplay := 0 }}
|
||||
|
@ -50,7 +36,7 @@ Renders an embedded YouTube video.
|
|||
{{- $loop := 0 }}
|
||||
{{- $mute := 0 }}
|
||||
{{- $start := 0 }}
|
||||
{{- $title := $data.title }}
|
||||
{{- $title := "YouTube video" }}
|
||||
|
||||
{{- /* Get arguments. */}}
|
||||
{{- if in (slice "false" false 0) ($.Get "allowFullScreen") }}
|
||||
|
|
|
@ -305,3 +305,109 @@ title: p2
|
|||
"<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?>\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\"\n xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">\n <url>\n <loc>/p2/</loc>\n </url>\n</urlset>\n",
|
||||
)
|
||||
}
|
||||
|
||||
// Issue 12418
|
||||
func TestOpengraph(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
files := `
|
||||
-- hugo.toml --
|
||||
capitalizeListTitles = false
|
||||
disableKinds = ['rss','sitemap']
|
||||
languageCode = 'en-US'
|
||||
[markup.goldmark.renderer]
|
||||
unsafe = true
|
||||
[params]
|
||||
description = "m <em>n</em> and **o** can't."
|
||||
[params.social]
|
||||
facebook_admin = 'foo'
|
||||
[taxonomies]
|
||||
series = 'series'
|
||||
tag = 'tags'
|
||||
-- layouts/_default/list.html --
|
||||
{{ template "_internal/opengraph.html" . }}
|
||||
-- layouts/_default/single.html --
|
||||
{{ template "_internal/opengraph.html" . }}
|
||||
-- content/s1/p1.md --
|
||||
---
|
||||
title: p1
|
||||
date: 2024-04-24T08:00:00-07:00
|
||||
lastmod: 2024-04-24T11:00:00-07:00
|
||||
images: [a.jpg,b.jpg]
|
||||
audio: [c.mp3,d.mp3]
|
||||
videos: [e.mp4,f.mp4]
|
||||
series: [series-1]
|
||||
tags: [t1,t2]
|
||||
---
|
||||
a <em>b</em> and **c** can't.
|
||||
-- content/s1/p2.md --
|
||||
---
|
||||
title: p2
|
||||
series: [series-1]
|
||||
---
|
||||
d <em>e</em> and **f** can't.
|
||||
<!--more-->
|
||||
-- content/s1/p3.md --
|
||||
---
|
||||
title: p3
|
||||
series: [series-1]
|
||||
summary: g <em>h</em> and **i** can't.
|
||||
---
|
||||
-- content/s1/p4.md --
|
||||
---
|
||||
title: p4
|
||||
series: [series-1]
|
||||
description: j <em>k</em> and **l** can't.
|
||||
---
|
||||
-- content/s1/p5.md --
|
||||
---
|
||||
title: p5
|
||||
series: [series-1]
|
||||
---
|
||||
`
|
||||
|
||||
b := hugolib.Test(t, files)
|
||||
|
||||
b.AssertFileContent("public/s1/p1/index.html", `
|
||||
<meta property="og:url" content="/s1/p1/">
|
||||
<meta property="og:title" content="p1">
|
||||
<meta property="og:description" content="a b and c can’t.">
|
||||
<meta property="og:locale" content="en-US">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="s1">
|
||||
<meta property="article:published_time" content="2024-04-24T08:00:00-07:00">
|
||||
<meta property="article:modified_time" content="2024-04-24T11:00:00-07:00">
|
||||
<meta property="article:tag" content="t1">
|
||||
<meta property="article:tag" content="t2">
|
||||
<meta property="og:image" content="/a.jpg">
|
||||
<meta property="og:image" content="/b.jpg">
|
||||
<meta property="og:audio" content="/c.mp3">
|
||||
<meta property="og:audio" content="/d.mp3">
|
||||
<meta property="og:video" content="/e.mp4">
|
||||
<meta property="og:video" content="/f.mp4">
|
||||
<meta property="og:see_also" content="/s1/p2/">
|
||||
<meta property="og:see_also" content="/s1/p3/">
|
||||
<meta property="og:see_also" content="/s1/p4/">
|
||||
<meta property="og:see_also" content="/s1/p5/">
|
||||
<meta property="fb:admins" content="foo">
|
||||
`,
|
||||
)
|
||||
|
||||
b.AssertFileContent("public/s1/p2/index.html",
|
||||
`<meta property="og:description" content="d e and f can’t.">`,
|
||||
)
|
||||
|
||||
b.AssertFileContent("public/s1/p3/index.html",
|
||||
`<meta property="og:description" content="g h and i can’t.">`,
|
||||
)
|
||||
|
||||
// The markdown is intentionally not rendered to HTML.
|
||||
b.AssertFileContent("public/s1/p4/index.html",
|
||||
`<meta property="og:description" content="j k and **l** can't.">`,
|
||||
)
|
||||
|
||||
// The markdown is intentionally not rendered to HTML.
|
||||
b.AssertFileContent("public/s1/p5/index.html",
|
||||
`<meta property="og:description" content="m n and **o** can't.">`,
|
||||
)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue