mirror of
https://github.com/gohugoio/hugo.git
synced 2024-05-20 16:22:49 +00:00
Compare commits
9 commits
a9c5761270
...
430b376d1d
Author | SHA1 | Date | |
---|---|---|---|
430b376d1d | |||
6b867972ec | |||
509ab08c1b | |||
2d75f539e1 | |||
15a4b9b337 | |||
10a8448eee | |||
722c486a34 | |||
f40f50ead0 | |||
b856d60b81 |
2
LICENSE
2
LICENSE
|
@ -186,7 +186,7 @@
|
||||||
same "printed page" as the copyright notice for easier
|
same "printed page" as the copyright notice for easier
|
||||||
identification within third-party archives.
|
identification within third-party archives.
|
||||||
|
|
||||||
Copyright 2022 The Hugo Authors.
|
Copyright [yyyy] [name of copyright owner]
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
you may not use this file except in compliance with the License.
|
you may not use this file except in compliance with the License.
|
||||||
|
|
|
@ -4,4 +4,4 @@
|
||||||
|
|
||||||
Please report (suspected) security vulnerabilities to **[bjorn.erik.pedersen@gmail.com](mailto:bjorn.erik.pedersen@gmail.com)**. You will receive a response from us within 48 hours. If we can confirm the issue, we will release a patch as soon as possible depending on the complexity of the issue but historically within days.
|
Please report (suspected) security vulnerabilities to **[bjorn.erik.pedersen@gmail.com](mailto:bjorn.erik.pedersen@gmail.com)**. You will receive a response from us within 48 hours. If we can confirm the issue, we will release a patch as soon as possible depending on the complexity of the issue but historically within days.
|
||||||
|
|
||||||
Also see [Hugo's Security Model](https://gohugo.io/about/security-model/).
|
Also see [Hugo's Security Model](https://gohugo.io/about/security/).
|
||||||
|
|
|
@ -1557,3 +1557,60 @@ title: "P1 us"
|
||||||
`
|
`
|
||||||
Test(t, files)
|
Test(t, files)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestBaseSignalChildParent(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
files := `
|
||||||
|
-- hugo.toml --
|
||||||
|
-- content/_index.md --
|
||||||
|
-- content/p1.md --
|
||||||
|
-- layouts/_default/baseof.html --
|
||||||
|
{{ block "_baseof_start" . }}{{ end }}
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
{{/* Lots of imports of SEO partials, stylesheets, JS and whatnot. */}}
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
{{ $flow := .Store.Get "_baseof_flow" | default "default" }}
|
||||||
|
{{ if eq $flow "default" }}
|
||||||
|
<div>
|
||||||
|
<h1>Default flow</h1>
|
||||||
|
{{ block "main" . }}{{ end }}
|
||||||
|
</div>
|
||||||
|
{{ else if eq $flow "foo" }}
|
||||||
|
<div>
|
||||||
|
<h1>Foo flow</h1>
|
||||||
|
{{ block "main" . }}{{ end }}
|
||||||
|
</div>
|
||||||
|
{{ else if eq $flow "bar" }}
|
||||||
|
<div>
|
||||||
|
<h1>Bar flow</h1>
|
||||||
|
{{ block "main" . }}{{ end }}
|
||||||
|
</div>
|
||||||
|
{{ end }}
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
-- layouts/index.html --
|
||||||
|
{{ define "_baseof_start" }}{{ .Page.Store.Set "_baseof_flow" "foo" }}{{ end }}
|
||||||
|
{{ define "main" }}Main Home{{ end }}
|
||||||
|
-- layouts/_default/single.html --
|
||||||
|
{{ define "_baseof_start" }}{{ .Page.Store.Set "_baseof_flow" "bar" }}{{ end }}
|
||||||
|
{{ define "main" }}Main Single{{ end }}
|
||||||
|
|
||||||
|
|
||||||
|
`
|
||||||
|
b := NewIntegrationTestBuilder(
|
||||||
|
IntegrationTestConfig{
|
||||||
|
T: t,
|
||||||
|
TxtarString: files,
|
||||||
|
},
|
||||||
|
).Build()
|
||||||
|
|
||||||
|
b.AssertFileContent("public/index.html", `
|
||||||
|
Foo flow
|
||||||
|
Main Home
|
||||||
|
|
||||||
|
`)
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
package hugolib
|
package hugolib
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
@ -241,3 +242,52 @@ iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAA
|
||||||
"p1|<p><a href=\"p2\">P2</a>", "<img src=\"pixel.png\" alt=\"Pixel\">")
|
"p1|<p><a href=\"p2\">P2</a>", "<img src=\"pixel.png\" alt=\"Pixel\">")
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestRenderHooksDefaultEscape(t *testing.T) {
|
||||||
|
files := `
|
||||||
|
-- hugo.toml --
|
||||||
|
[markup.goldmark.renderHooks]
|
||||||
|
[markup.goldmark.renderHooks.image]
|
||||||
|
enableDefault = ENABLE
|
||||||
|
[markup.goldmark.renderHooks.link]
|
||||||
|
enableDefault = ENABLE
|
||||||
|
[markup.goldmark.parser]
|
||||||
|
wrapStandAloneImageWithinParagraph = false
|
||||||
|
[markup.goldmark.parser.attribute]
|
||||||
|
block = true
|
||||||
|
title = true
|
||||||
|
-- content/_index.md --
|
||||||
|
---
|
||||||
|
title: "Home"
|
||||||
|
---
|
||||||
|
Link: [text-"<>&](/destination-"<> 'title-"<>&')
|
||||||
|
|
||||||
|
Image: ![alt-"<>&](/destination-"<> 'title-"<>&')
|
||||||
|
{class="><script>alert()</script>" id="baz"}
|
||||||
|
|
||||||
|
-- layouts/index.html --
|
||||||
|
{{ .Content }}
|
||||||
|
`
|
||||||
|
|
||||||
|
for _, enabled := range []bool{true, false} {
|
||||||
|
enabled := enabled
|
||||||
|
t.Run(fmt.Sprint(enabled), func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
b := Test(t, strings.ReplaceAll(files, "ENABLE", fmt.Sprint(enabled)))
|
||||||
|
|
||||||
|
// The escaping is slightly different between the two.
|
||||||
|
if enabled {
|
||||||
|
b.AssertFileContent("public/index.html",
|
||||||
|
"Link: <a href=\"/destination-%22%3C%3E\" title=\"title-"<>&\">text-"<>&</a>",
|
||||||
|
"img alt=\"alt-"<>&\" src=\"/destination-%22%3C%3E\" title=\"title-"<>&\">",
|
||||||
|
"><script>",
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
b.AssertFileContent("public/index.html",
|
||||||
|
"Link: <a href=\"/destination-%22%3C%3E\" title=\"title-"<>&\">text-"<>&</a>",
|
||||||
|
"Image: <img src=\"/destination-%22%3C%3E\" alt=\"alt-"<>&\" title=\"title-"<>&\">",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -175,7 +175,7 @@ func (pco *pageContentOutput) RenderShortcodes(ctx context.Context) (template.HT
|
||||||
// This content will be parsed and rendered by Goldmark.
|
// This content will be parsed and rendered by Goldmark.
|
||||||
// Wrap it in a special Hugo markup to assign the correct Page from
|
// Wrap it in a special Hugo markup to assign the correct Page from
|
||||||
// the stack.
|
// the stack.
|
||||||
c = hugocontext.Wrap(c, pco.po.p.pid)
|
return template.HTML(hugocontext.Wrap(c, pco.po.p.pid)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return helpers.BytesToHTML(c), nil
|
return helpers.BytesToHTML(c), nil
|
||||||
|
|
|
@ -34,7 +34,7 @@ func New() goldmark.Extender {
|
||||||
|
|
||||||
// Wrap wraps the given byte slice in a Hugo context that used to determine the correct Page
|
// Wrap wraps the given byte slice in a Hugo context that used to determine the correct Page
|
||||||
// in .RenderShortcodes.
|
// in .RenderShortcodes.
|
||||||
func Wrap(b []byte, pid uint64) []byte {
|
func Wrap(b []byte, pid uint64) string {
|
||||||
buf := bufferpool.GetBuffer()
|
buf := bufferpool.GetBuffer()
|
||||||
defer bufferpool.PutBuffer(buf)
|
defer bufferpool.PutBuffer(buf)
|
||||||
buf.Write(prefix)
|
buf.Write(prefix)
|
||||||
|
@ -45,7 +45,7 @@ func Wrap(b []byte, pid uint64) []byte {
|
||||||
buf.Write(b)
|
buf.Write(b)
|
||||||
buf.Write(prefix)
|
buf.Write(prefix)
|
||||||
buf.Write(closingDelimAndNewline)
|
buf.Write(closingDelimAndNewline)
|
||||||
return buf.Bytes()
|
return buf.String()
|
||||||
}
|
}
|
||||||
|
|
||||||
var kindHugoContext = ast.NewNodeKind("HugoContext")
|
var kindHugoContext = ast.NewNodeKind("HugoContext")
|
||||||
|
|
|
@ -24,7 +24,7 @@ func TestWrap(t *testing.T) {
|
||||||
|
|
||||||
b := []byte("test")
|
b := []byte("test")
|
||||||
|
|
||||||
c.Assert(string(Wrap(b, 42)), qt.Equals, "{{__hugo_ctx pid=42}}\ntest{{__hugo_ctx/}}\n")
|
c.Assert(Wrap(b, 42), qt.Equals, "{{__hugo_ctx pid=42}}\ntest{{__hugo_ctx/}}\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
func BenchmarkWrap(b *testing.B) {
|
func BenchmarkWrap(b *testing.B) {
|
||||||
|
|
|
@ -261,7 +261,10 @@ func (c *collector) add(owner *moduleAdapter, moduleImport Import) (*moduleAdapt
|
||||||
// This will select the latest release-version (not beta etc.).
|
// This will select the latest release-version (not beta etc.).
|
||||||
versionQuery = "upgrade"
|
versionQuery = "upgrade"
|
||||||
}
|
}
|
||||||
if err := c.Get(fmt.Sprintf("%s@%s", modulePath, versionQuery)); err != nil {
|
|
||||||
|
// Note that we cannot use c.Get for this, as that may
|
||||||
|
// trigger a new module collection and potentially create a infinite loop.
|
||||||
|
if err := c.get(fmt.Sprintf("%s@%s", modulePath, versionQuery)); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if err := c.loadModules(); err != nil {
|
if err := c.loadModules(); err != nil {
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
{{- $src = .RelPermalink -}}
|
{{- $src = .RelPermalink -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- $attributes := merge .Attributes (dict "alt" .Text "src" $src "title" .Title) -}}
|
{{- $attributes := merge .Attributes (dict "alt" .Text "src" $src "title" (.Title | transform.HTMLEscape)) -}}
|
||||||
<img
|
<img
|
||||||
{{- range $k, $v := $attributes -}}
|
{{- range $k, $v := $attributes -}}
|
||||||
{{- if $v -}}
|
{{- if $v -}}
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- $attributes := dict "href" $href "title" .Title -}}
|
{{- $attributes := dict "href" $href "title" (.Title | transform.HTMLEscape) -}}
|
||||||
<a
|
<a
|
||||||
{{- range $k, $v := $attributes -}}
|
{{- range $k, $v := $attributes -}}
|
||||||
{{- if $v -}}
|
{{- if $v -}}
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
<title>{{ if eq .Title .Site.Title }}{{ .Site.Title }}{{ else }}{{ with .Title }}{{ . }} on {{ end }}{{ .Site.Title }}{{ end }}</title>
|
<title>{{ if eq .Title .Site.Title }}{{ .Site.Title }}{{ else }}{{ with .Title }}{{ . }} on {{ end }}{{ .Site.Title }}{{ end }}</title>
|
||||||
<link>{{ .Permalink }}</link>
|
<link>{{ .Permalink }}</link>
|
||||||
<description>Recent content {{ if ne .Title .Site.Title }}{{ with .Title }}in {{ . }} {{ end }}{{ end }}on {{ .Site.Title }}</description>
|
<description>Recent content {{ if ne .Title .Site.Title }}{{ with .Title }}in {{ . }} {{ end }}{{ end }}on {{ .Site.Title }}</description>
|
||||||
<generator>Hugo {{ hugo.Version }}</generator>
|
<generator>Hugo</generator>
|
||||||
<language>{{ site.Language.LanguageCode }}</language>{{ with $authorEmail }}
|
<language>{{ site.Language.LanguageCode }}</language>{{ with $authorEmail }}
|
||||||
<managingEditor>{{.}}{{ with $authorName }} ({{ . }}){{ end }}</managingEditor>{{ end }}{{ with $authorEmail }}
|
<managingEditor>{{.}}{{ with $authorName }} ({{ . }}){{ end }}</managingEditor>{{ end }}{{ with $authorEmail }}
|
||||||
<webMaster>{{ . }}{{ with $authorName }} ({{ . }}){{ end }}</webMaster>{{ end }}{{ with .Site.Copyright }}
|
<webMaster>{{ . }}{{ with $authorName }} ({{ . }}){{ end }}</webMaster>{{ end }}{{ with .Site.Copyright }}
|
||||||
|
|
|
@ -8,10 +8,10 @@ Renders an embedded YouTube video.
|
||||||
@param {int} [end] The time, measured in seconds from the start of the video, when the player should stop playing the video.
|
@param {int} [end] The time, measured in seconds from the start of the video, when the player should stop playing the video.
|
||||||
@param {string} [id] The video id. Optional if the id is provided as first positional argument.
|
@param {string} [id] The video id. Optional if the id is provided as first positional argument.
|
||||||
@param {string} [loading=eager] The loading attribute of the iframe element.
|
@param {string} [loading=eager] The loading attribute of the iframe element.
|
||||||
@param {bool} [loop=false] Whether to indefinitely repeat the video.
|
@param {bool} [loop=false] Whether to indefinitely repeat the video. Ignores the start and end arguments after the first play.
|
||||||
@param {bool} [mute=false] Whether to mute the video. Always true when autoplay is true.
|
@param {bool} [mute=false] Whether to mute the video. Always true when autoplay is true.
|
||||||
@param {int} [start] The time, measured in seconds from the start of the video, when the player should start playing the video.
|
@param {int} [start] The time, measured in seconds from the start of the video, when the player should start playing the video.
|
||||||
@param {string} [title] The title attribute of the iframe element. Defaults to the title returned by YouTube oEmbed API.
|
@param {string} [title] The title attribute of the iframe element. Defaults to "YouTube video".
|
||||||
|
|
||||||
@returns {template.HTML}
|
@returns {template.HTML}
|
||||||
|
|
||||||
|
@ -26,20 +26,6 @@ Renders an embedded YouTube video.
|
||||||
{{- if not $pc.Disable }}
|
{{- if not $pc.Disable }}
|
||||||
{{- with $id := or (.Get "id") (.Get 0) }}
|
{{- with $id := or (.Get "id") (.Get 0) }}
|
||||||
|
|
||||||
{{- /* Get data from the YouTube oEmbed API. */}}
|
|
||||||
{{- $q := querify "url" (printf "https://www.youtube.com/watch?v=%s" $id) "format" "json" }}
|
|
||||||
{{- $url := printf "https://www.youtube.com/oembed?%s" $q }}
|
|
||||||
{{- $data := dict }}
|
|
||||||
{{- with resources.GetRemote $url }}
|
|
||||||
{{- with .Err }}
|
|
||||||
{{- erroridf $remoteErrID "The %q shortcode was unable to get remote resource %q. %s. See %s" $.Name $url . $.Position }}
|
|
||||||
{{- else }}
|
|
||||||
{{- $data = .Content | transform.Unmarshal }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else }}
|
|
||||||
{{- erroridf $remoteErrID "The %q shortcode was unable to get remote resource %q. See %s" $.Name $url $.Position }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* Set defaults. */}}
|
{{/* Set defaults. */}}
|
||||||
{{- $allowFullScreen := "allowfullscreen" }}
|
{{- $allowFullScreen := "allowfullscreen" }}
|
||||||
{{- $autoplay := 0 }}
|
{{- $autoplay := 0 }}
|
||||||
|
@ -50,7 +36,7 @@ Renders an embedded YouTube video.
|
||||||
{{- $loop := 0 }}
|
{{- $loop := 0 }}
|
||||||
{{- $mute := 0 }}
|
{{- $mute := 0 }}
|
||||||
{{- $start := 0 }}
|
{{- $start := 0 }}
|
||||||
{{- $title := $data.title }}
|
{{- $title := "YouTube video" }}
|
||||||
|
|
||||||
{{- /* Get arguments. */}}
|
{{- /* Get arguments. */}}
|
||||||
{{- if in (slice "false" false 0) ($.Get "allowFullScreen") }}
|
{{- if in (slice "false" false 0) ($.Get "allowFullScreen") }}
|
||||||
|
|
Loading…
Reference in a new issue