When sorting strings a worng order is returned. This happens because the strings are first converted
to floating values to check whether or not they should be sorted as
floating values. When an error is returned the strings will be
handled as string literals.
No error will be returned when parsing Inf, Infinity or NaN (case insensitive) because they
will be coverted to special floating point values and therefore are
legal float values.
Now we check if the returned converted values are special floating
values and treat them as string literals.
Fixes#10389
Very visible when using the pprof mutex profiler.
```bash
name old time/op new time/op delta
Baseline-10 58.4ms ± 1% 51.6ms ± 0% -11.56% (p=0.029 n=4+4)
name old alloc/op new alloc/op delta
Baseline-10 64.3MB ± 0% 64.2MB ± 0% ~ (p=0.114 n=4+4)
name old allocs/op new allocs/op delta
Baseline-10 649k ± 0% 649k ± 0% ~ (p=0.229 n=4+4)
```
Note that this has only been a problem with "raw dates" in TOML files in /data and similar. The predefined front matter
dates `.Date` etc. are converted to a Go Time and has worked fine even after upgrading to v2 of the go-toml lib.
Fixes#9979
This commit adds a new `.InnerDeindent` method to the shortcode context, which is `.Inner` with any
indendation removed. This is then used in the built-in `highlight` shortcode to prevent the extra
whitespace getting hightlighted.
Fixes#4717
By using the input map as the basis, which means the hash will not change if we add/rename/remove options.
This happened in Hugo 0.99, as we added a new options. This is unortunate.
Unfortunately this means that the cache keys for PostCSS will change one more time in 0.100, but will be stable going forward.
Note that we have implemented this pattern in all the other resource transformers.
Updates #9787
This commit replaces the main part of `helpers.StripHTML` with Go's implementation in its html/template package.
It's a little slower, but correctness is more important:
```bash
BenchmarkStripHTMLOld-10 680316 1764 ns/op 728 B/op 4 allocs/op
BenchmarkStripHTMLNew-10 384520 3099 ns/op 2089 B/op 10 allocs/op
```
Fixes#9199Fixes#9909Closes#9410
Note that we will now fail if `inlineImports` is enabled and we cannot resolve an import.
You can work around this by either:
* Use url imports or imports with media queries.
* Set `skipInlineImportsNotFound=true` in the options
Also get the argument order in the different NewFileError* funcs in line.
Fixes#9895
* Redo the server error template
* Always add the content file context if relevant
* Remove some now superflous error string matching
* Move the server error template to _server/error.html
* Add file context (with position) to codeblock render blocks
* Improve JS build errors
Fixes#9892Fixes#9891Fixes#9893
We cannot (also, it doesn't add any value) use that when the `clock` is set,
* To measure time (before that global is set)
* To compare file timestamps re cache eviction
Fixes#9868
* Add file context to minifier errors when publishing
* Misc fixes (see issues)
* Allow custom server error template in layouts/server/error.html
To get to this, this commit also cleans up and simplifies the code surrounding errors and files. This also removes the usage of `github.com/pkg/errors`, mostly because of https://github.com/pkg/errors/issues/223 -- but also because most of this is now built-in to Go.
Fixes#9852Fixes#9857Fixes#9863
And make both .Resources and resources implement it.
This gets us 2 new methods/functions, so you can now also do:
* .Resources.Get
* resources.ByType
Note that GetRemote is not covered by this interface, as that is only available as a global template function.
Fixes#8653
This commit adds a .Data object (a map with `Body`, `StatusCode` etc.) to the .Err returned from `resources.GetRemote`, which means you can now do:
```
{{ with .Err }}
{{ range $k, $v := .Data }}
{{ end }}
{{ end }}
```
Fixes#9708
This commit prevents the most commons case of infinite recursion in link render hooks when the `linkify` option is enabled (see below). This is always a user error, but getting a `stack overflow` (the current stack limit in Go is 1 GB on 64-bit, 250 MB on 32-bit) error isn't very helpful. This fix will not prevent all such errors, though, but we may do better once #9570 is in place.
So, these will fail:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | markdownify }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | .Page.RenderString }}</a>
```
`.Text` is already rendered to `HTML`. The above needs to be rewritten to:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
```
Fixes#8959
This is a rollback of 0927cf739f
We cannot do that change until we either completes #9570 or possibly also use the new TryLock in GO 1.18.
Fixes#9588
Opens #4086
You can now create custom hook templates for code blocks, either one for all (`render-codeblock.html`) or for a given code language (e.g. `render-codeblock-go.html`).
We also used this new hook to add support for diagrams in Hugo:
* Goat (Go ASCII Tool) is built-in and enabled by default; just create a fenced code block with the language `goat` and start draw your Ascii diagrams.
* Another popular alternative for diagrams in Markdown, Mermaid (supported by GitHub), can also be implemented with a simple template. See the Hugo documentation for more information.
Updates #7765Closes#9538Fixes#9553Fixes#8520Fixes#6702Fixes#9558
The change in lock logic for `partialCached` in 0927cf739f was naive as it didn't consider cached partials calling other cached partials.
This changeset may look on the large side for this particular issue, but it pulls in part of a working branch, introducing `context.Context` in the template execution.
Note that the context is only partially implemented in this PR, but the upcoming use cases will, as one example, include having access to the top "dot" (e.g. `Page`) all the way down into partials and shortcodes etc.
The earlier benchmarks rerun against master:
```bash
name old time/op new time/op delta
IncludeCached-10 13.6ms ± 2% 13.8ms ± 1% ~ (p=0.343 n=4+4)
name old alloc/op new alloc/op delta
IncludeCached-10 5.30MB ± 0% 5.35MB ± 0% +0.96% (p=0.029 n=4+4)
name old allocs/op new allocs/op delta
IncludeCached-10 74.7k ± 0% 75.3k ± 0% +0.77% (p=0.029 n=4+4)
```
Fixes#9519
This commit revises the locking strategy for `partialCached`. We have added a benchmark that may be a little artificial, but it should at least show that we're not losing any performance over this:
```bash
name old time/op new time/op delta
IncludeCached-10 12.2ms ± 2% 11.3ms ± 1% -7.36% (p=0.029 n=4+4)
name old alloc/op new alloc/op delta
IncludeCached-10 7.17MB ± 0% 5.09MB ± 0% -29.00% (p=0.029 n=4+4)
name old allocs/op new allocs/op delta
IncludeCached-10 128k ± 1% 70k ± 0% -45.42% (p=0.029 n=4+4)
```
This commit also revises the template metrics hints logic a little, and add a test for it, which output is currently this:
```bash
cumulative average maximum cache percent cached total
duration duration duration potential cached count count template
---------- -------- -------- --------- ------- ------ ----- --------
163.334µs 163.334µs 163.334µs 0 0 0 1 index.html
23.749µs 5.937µs 19.916µs 25 50 2 4 partials/dynamic1.html
9.625µs 4.812µs 6.75µs 100 50 1 2 partials/static1.html
7.625µs 7.625µs 7.625µs 100 0 0 1 partials/static2.html
```
Some notes:
* The duration now includes the cached invocations (which should be very short)
* A cached template gets executed once before it gets cached, so the "percent cached" will never be 100.
Fixes#4086Fixes#9506
We changed the signature to `func(...interface{}) (interface{}, error)` some time ago, but sadly we had no test for this for `apply`. Now we do.
Fixes#9393
This is a security hardening measure; don't trust the URL extension or any `Content-Type`/`Content-Disposition` header on its own, always look at the file content using Go's `http.DetectContentType`.
This commit also adds ttf and otf media type definitions to Hugo.
Fixes#9302Fixes#9301
In Hugo 0.89 we added remote support to `resources.Get`.
In hindsight that was not a great idea, as a poll from many Hugo users showed. See Issue #9285 for more details.
After this commit `resources.Get` only supports local resource lookups. If you want to support both, you need to use a construct similar to:
Also improve some option case handling.
```
{{ resource := "" }}
{{ if (urls.Parse $url).IsAbs }}
{{ $resource = resources.GetRemote $url }}
{{ else }}
{{ $resource = resources.Get $url }}
{{ end }}
```
Fixes#9285Fixes#9296
Partials with returns values are parsed, then inserted into a
partial return wrapper via wrapInPartialReturnWrapper in order
to assign the return value via *contextWrapper.Set. The
predefined wrapper template for partials inserts a partial's nodes
into a "with" template action in order to set dot to a
*contextWrapper within the partial. However, because "with" is
skipped if its argument is falsy, partials with falsy arguments
were not being evaluated.
This replaces the "with" action in the partial wrapper with a
"range" action that isn't skipped if .Arg is falsy.
Fixes#7528
This ommmit contains some security hardening measures for the Hugo build runtime.
There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".
For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.
These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.
You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.
The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.
```toml
[security]
enableInlineShortcodes = false
[security.exec]
allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']
[security.funcs]
getenv = ['^HUGO_']
[security.http]
methods = ['(?i)GET|POST']
urls = ['.*']
```
In Hugo 0.90.0 we introduced remote support in `resources.Get`.
But with remote resources comes with a higher chance of failing a build (network issues, remote server down etc.).
Before this commit we always failed the build on any unexpected error.
This commit allows the user to check for any error (and potentially fall back to a default local resource):
```htmlbars
{{ $result := resources.Get "https://gohugo.io/img/hugo-logo.png" }}
{{ with $result }}
{{ if .Err }}
{{/* log the error, insert a default image etc. *}}
{{ else }}
<img src="{{ .RelPermalink }}" width="{{ .Width }}" height="{{ .Height }}" alt="">
{{ end }}
{{ end }}
```
Note that the default behaviour is still to fail the build, but we will delay that error until you start using the `Resource`.
Fixes#9529