Commit graph

109 commits

Author SHA1 Message Date
Bjørn Erik Pedersen
35fa192838 deps: Udpate to github.com/alecthomas/chroma/v2
Fixes #9932
Fixes #9931
2022-06-14 14:08:40 +02:00
Bjørn Erik Pedersen
311b8008bf
helpers: Fix panic with invalid defaultMarkdownHandler
Fixes #9968
2022-06-04 17:47:20 +02:00
Bjørn Erik Pedersen
0f8dc47037 Remove Blackfriday markdown engine
It has been deprecated for a long time, its v1 version is not maintained anymore, and there are many known issues. Goldmark should be
a mature replacement by now.

Closes #9934
2022-05-29 11:50:58 +02:00
Bjørn Erik Pedersen
4b189d8fd9 postcss: Fix import error handling
Note that we will now fail if `inlineImports` is enabled and we cannot resolve an import.

You can work around this by either:

* Use url imports or imports with media queries.
* Set `skipInlineImportsNotFound=true` in the options

Also get the argument order in the different NewFileError* funcs in line.

Fixes #9895
2022-05-15 20:25:25 +02:00
Bjørn Erik Pedersen
5c96bda70a
errors: Misc improvements
* Redo the server error template
* Always add the content file context if relevant
* Remove some now superflous error string matching
* Move the server error template to _server/error.html
* Add file context (with position) to codeblock render blocks
* Improve JS build errors

Fixes #9892
Fixes #9891
Fixes #9893
2022-05-14 13:40:56 +02:00
Bjørn Erik Pedersen
f2946da9e8 Improve error messages, esp. when the server is running
* Add file context to minifier errors when publishing
* Misc fixes (see issues)
* Allow custom server error template in layouts/server/error.html

To get to this, this commit also cleans up and simplifies the code surrounding errors and files. This also removes the usage of `github.com/pkg/errors`, mostly because of https://github.com/pkg/errors/issues/223 -- but also because most of this is now built-in to Go.

Fixes #9852
Fixes #9857
Fixes #9863
2022-05-06 19:43:22 +02:00
Bjørn Erik Pedersen
d7b54a4c37 markup/goldmark: Fix attribute nilpointer
Fixes 9819
2022-04-27 23:53:56 +02:00
Joe Mooring
a022ca271b deps: Update github.com/yuin/goldmark v1.4.11 => v1.4.12
Fixes #9054
Fixes #9756
Fixes #9757
2022-04-27 10:04:00 +02:00
Bjørn Erik Pedersen
d070bdf10f
Rework the Destination filesystem to make --renderStaticToDisk work
See #9626
2022-04-08 13:26:17 +02:00
cuishuang
48c98a8d24 Fix some typos
Signed-off-by: cuishuang <imcusg@gmail.com>
[foka@debian.org: Resolve merge conflict and squash 2 commits]
Signed-off-by: Anthony Fok <foka@debian.org>
2022-03-22 00:38:23 -06:00
Bjørn Erik Pedersen
b80853de90
all: gofmt -w -r 'interface{} -> any' .
Updates #9687
2022-03-17 22:03:27 +01:00
Bjørn Erik Pedersen
b37183e48d deps: Update github.com/yuin/goldmark v1.4.9 => v1.4.10
Fixes #9658
2022-03-12 11:24:11 +01:00
Bjørn Erik Pedersen
1a796d723c deps: Fix Goldmark regression with HTML comments
Fixes #9650
2022-03-11 14:44:01 +01:00
Bjørn Erik Pedersen
b82d95575d
Revert "markup/highlight: Add hl_inline option"
This reverts commit a360cab75a.
2022-03-10 10:06:22 +01:00
Bjørn Erik Pedersen
4e14cf7607
Fail with error when double-rendering text in markdownify/RenderString
This commit prevents the most commons case of infinite recursion in link render hooks when the `linkify` option is enabled (see below). This is always a user error, but getting a `stack overflow` (the current stack limit in Go is 1 GB on 64-bit, 250 MB on 32-bit) error isn't very helpful. This fix will not prevent all such errors, though, but we may do better once #9570 is in place.

So, these will fail:

```
<a href="{{ .Destination | safeURL }}" >{{ .Text | markdownify }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | .Page.RenderString }}</a>
```

`.Text` is already rendered to `HTML`. The above needs to be rewritten to:

```
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
```

Fixes #8959
2022-03-10 08:19:03 +01:00
Bjørn Erik Pedersen
5697348e17 markup/goldmark: Default to https for linkify
Fixes #9639
2022-03-09 22:30:10 +01:00
Bjørn Erik Pedersen
a360cab75a markup/highlight: Add hl_inline option
If set to true, the highlighted code will not be wrapped in any div.

Closes #9442
2022-03-09 11:33:13 +01:00
Bjørn Erik Pedersen
53a6210d82 markup/goldmark/codeblocks: Fix slice bounds out of range
For the Position in code blocks we try to match the .Inner with the original source. This isn't always possible.

This commits avoids panics in these situations.

Fixes #9627
2022-03-08 21:50:21 +01:00
Joe Mooring
e46e9ceb29 markup/goldmark: Escape image alt attribute
Fixes #9594
2022-03-02 21:05:33 +01:00
Bjørn Erik Pedersen
0327da050f tpl/transform: Fix it when template.HTML is passes as option to Hightlight
Fixes #9591
2022-03-02 12:30:35 +01:00
Bjørn Erik Pedersen
260ff1374d
markup/highlight: Ignore HL_lines_parsed in the gen docs 2022-02-28 08:33:34 +01:00
Bjørn Erik Pedersen
fd0c1a5e9b tpl/diagrams: Rename the SVG accessor to Wrapped
Not perfect, but it gets it in line with the other .Inner/.Wrapped combos.
2022-02-27 19:51:40 +01:00
Bjørn Erik Pedersen
3ad39001df markup/highlight: Rework the return value from HighlightCodeblock
To make it possible to render it with a custom HTML ("<div>")  wrapper.

Updates #9573
2022-02-27 19:51:40 +01:00
Bjørn Erik Pedersen
f7109771a0 CodeblockContext method renames
Fixes #9577
2022-02-27 17:59:36 +01:00
Bjørn Erik Pedersen
5f65c17a12 markup/goldmark: Adjust test for Windows 2022-02-26 21:54:36 +01:00
Bjørn Erik Pedersen
579ff9b652 markup/goldmark: Improve attributes vs options
Fixes #9571
2022-02-26 21:54:36 +01:00
Bjørn Erik Pedersen
928a896962 markup/goldmark: Add Position to CodeblockContext
But note that this is not particulary fast and the recommendad usage is error logging only.

Updates #9574
2022-02-26 21:54:36 +01:00
Bjørn Erik Pedersen
2e54c00933 markup/goldmark: Unify some code block tests 2022-02-26 21:54:36 +01:00
Bjørn Erik Pedersen
10928a4f78 Remove the trailing new line in .Code
Fixes #9572
2022-02-26 21:54:36 +01:00
Bjørn Erik Pedersen
afd63bf7d5 markup/goldmark: Rename extension struct 2022-02-26 21:54:36 +01:00
Bjørn Erik Pedersen
0f80be341f markup/goldmark: Use Ordinal to create default lineanchors
The `Ordinal` starts at 0, so with a `hl-` prefix, this gives `hl-0-1` as a starting point.

Fixes #9567
2022-02-25 17:22:43 +01:00
Kaushal Modi
6bffcdbd26 Add test for line anchor attributes with code fences
Fixes https://github.com/gohugoio/hugo/issues/9385.
2022-02-24 22:54:49 +01:00
Bjørn Erik Pedersen
08fdca9d93 Add Markdown diagrams and render hooks for code blocks
You can now create custom hook templates for code blocks, either one for all (`render-codeblock.html`) or for a given code language (e.g. `render-codeblock-go.html`).

We also used this new hook to add support for diagrams in Hugo:

* Goat (Go ASCII Tool) is built-in and enabled by default; just create a fenced code block with the language `goat` and start draw your Ascii diagrams.
* Another popular alternative for diagrams in Markdown, Mermaid (supported by GitHub), can also be implemented with a simple template. See the Hugo documentation for more information.

Updates #7765
Closes #9538
Fixes #9553
Fixes #8520
Fixes #6702
Fixes #9558
2022-02-24 18:59:50 +01:00
Bjørn Erik Pedersen
4ada09415d
markup/goldmark: Add BenchmarkCodeblocks 2022-02-21 20:53:52 +01:00
Joe Mooring
ff545f4276
markup/goldmark: Exclude event attributes from markdown render hook
Fixes #9511
2022-02-16 19:56:23 +01:00
Bjørn Erik Pedersen
b2a827c52c markup/goldmark: Fix mangling of headers/links in render hooks
```bash

name                    old time/op    new time/op    delta
SiteWithRenderHooks-10    11.9ms ± 1%    11.9ms ± 1%    ~     (p=0.486 n=4+4)

name                    old alloc/op   new alloc/op   delta
SiteWithRenderHooks-10    11.2MB ± 0%    11.3MB ± 0%  +0.16%  (p=0.029 n=4+4)

name                    old allocs/op  new allocs/op  delta
SiteWithRenderHooks-10      145k ± 0%      145k ± 0%  +0.14%  (p=0.029 n=4+4)
```

Fixes #9504
2022-02-16 17:46:30 +01:00
Bjørn Erik Pedersen
77c7059ff8
markup/goldmark: Add a render hook benchmark
Updates #9504
2022-02-16 13:30:53 +01:00
Bjørn Erik Pedersen
ea54a99ca5 deps: Update github.com/alecthomas/chroma v0.9.4 => v0.10.0 2022-02-15 10:37:14 +01:00
Joe Mooring
f7bc4cc505 Exclude event attributes when rendering markdown
Closes #9463
2022-02-10 18:25:19 +01:00
Joe Mooring
20a7ce7c1b Do not render hl_style as an HTML attribute
Fixes #9390
2022-01-16 17:09:18 +01:00
Bjørn Erik Pedersen
1651beb2c1 Remove mmark
Closes #9350
2022-01-04 17:10:39 +01:00
Bjørn Erik Pedersen
f4389e48ce
Add some basic security policies with sensible defaults
This ommmit contains some security hardening measures for the Hugo build runtime.

There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.

These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.

You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.

```toml
[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']
```
2021-12-16 09:40:22 +01:00
Helder Pereira
7a15edafe2 highlight: Add tabindex when code is not highlighted 2021-08-23 12:28:45 +02:00
Helder Pereira
d966f5d08d highlight: Remove some pygments references 2021-08-21 15:50:49 +02:00
rhymes
f27e542442
markup: Add tabindex="0" to default <pre> wrapper
Currently the generated `<pre>` element isn't fully accessible as it can't be focused by keyboard users.
To make this fully accessible, the attribute `tabindex="0"` should be added to the `<pre>` tag.

Closes #7194
2021-07-15 16:48:39 +02:00
Bjørn Erik Pedersen
805664818d markup/goldmark: Rename/reorder the hook methods
To make them easier to follow.

See #8755
2021-07-15 10:14:52 +02:00
Bjørn Erik Pedersen
ee3d2bb1d3 markup/goldmark: Support auto links in render hook
Fixes #8755
2021-07-15 10:14:52 +02:00
Bjørn Erik Pedersen
a7e3da242f
markup: Rename Header(s) to Heading(s) in ToC struct
Because that is what it is.
2021-06-19 18:19:46 +02:00
Bjørn Erik Pedersen
d392893cd7
Misc config loading fixes
The main motivation behind this is simplicity and correctnes, but the new small config library is also faster:

```
BenchmarkDefaultConfigProvider/Viper-16         	  252418	      4546 ns/op	    2720 B/op	      30 allocs/op
BenchmarkDefaultConfigProvider/Custom-16        	  450756	      2651 ns/op	    1008 B/op	       6 allocs/op
```

Fixes #8633
Fixes #8618
Fixes #8630
Updates #8591
Closes #6680
Closes #5192
2021-06-14 17:00:32 +02:00
Niklas Fasching
fa432b17b3 org: Disable broken pretty relative links feature
go-org PrettyRelativeLinks rewrites relative org links by
- adding `../` in front
- removing any `.org` suffix

This was meant to play well with hugo pretty urls (which pretty much renders
posts in a subdirectory without the file suffix) and allow use of normal org
file links to reference other posts.

There's a lot of edge cases I didn't consider and multiple bug reports in
go-org [1] later I don't think the complexity of handling those edge cases is
worth it - so let's disable it.

[1]
- https://github.com/niklasfasching/go-org/issues/53
- 5dadf8c4c2 (comment)
- https://github.com/niklasfasching/go-org/issues/51
2021-04-12 08:08:53 +02:00