phoenix/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2024-07-02 15:20:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
hugo/config/security
History
Bjørn Erik Pedersen ee359df172 Fix upstream Go templates bug with reversed key/value assignment 
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

This also includes a security fix that now disallows Go template actions in JS literals (inside backticks).

This will throw an error saying "... appears in a JS template literal".

If you're really sure this isn't a security risk in your case, you can revert to the old behaviour:

```toml
[security]
[security.gotemplates]
allowActionJSTmpl = true
```

See https://github.com/golang/go/issues/59234

Fixes #11112
2023-06-15 23:04:33 +02:00
..
docshelper.go Add some basic security policies with sensible defaults 2021-12-16 09:40:22 +01:00
securityConfig.go Fix upstream Go templates bug with reversed key/value assignment 2023-06-15 23:04:33 +02:00
securityConfig_test.go Fix upstream Go templates bug with reversed key/value assignment 2023-06-15 23:04:33 +02:00
whitelist.go all: Fix comments for exported functions and packages 2023-05-18 21:25:27 +02:00
whitelist_test.go Add some basic security policies with sensible defaults 2021-12-16 09:40:22 +01:00