We do lazy initialization and (potentially) reuse of an output format's rendered content. We do this evaluation when we
start a new rendering a new output format. There are, however, situation where these borders gets crossed (e.g.
accessing content from another output format). We have a check for this in place for most cases, but not the content
rendering of inner markdown blocks inside shortcodes. This patch applies that same logic to the newly introduced
RenderContent method (which is not available from the templates).
Fixes#10391
In `v0.103.0` we added support for `resources.PostProcess` for all file types, not just HTML. We had benchmarks that said we were fine in that department, but those did not consider the static file syncing.
This fixes that by:
* Making sure that the /static syncer always gets its own file system without any checks for the post process token.
* For dynamic files (e.g. rendered HTML files) we add an additional check to make sure that we skip binary files (e.g. images)
Fixes#10328
This issue was introduced in `v0.102.0`.
In 223bf28004 we removed the byte source from the parsed page result, which
meant we had to preserve exact positioning for all elements. This introduced some new `TypeIgnore` tokens
which we, wrongly, assumed didn't matter where we put in the result slice (they should be ignored anyway).
But it seems that this broke the logic where we determine if it's positional or named params in the case
where the paramater value contains escaped quoutes.
This commit makes sure that these ignore tokens (the back slashes) are never sent back to the client, which is how it was before `v0.102.0`.
This commit also fixes some lost error information in that same commit.
Fixes#10236
Note that this has only been a problem with "raw dates" in TOML files in /data and similar. The predefined front matter
dates `.Date` etc. are converted to a Go Time and has worked fine even after upgrading to v2 of the go-toml lib.
Fixes#9979
This commit adds a new `.InnerDeindent` method to the shortcode context, which is `.Inner` with any
indendation removed. This is then used in the built-in `highlight` shortcode to prevent the extra
whitespace getting hightlighted.
Fixes#4717
* Record the leading whitespace (tabs, spaces) before the shortcode when parsing the page.
* Apply that indentation to the rendered result of shortcodes without inner content (where the user will apply indentation).
Fixes#9946
The motivation behind this is not to make it easier to publish Markdown files, as that sounds unusual.
This is mainly meant for shortcodes that produces Markdown to be inlined.
You would do this by creating shortcodes with `*.md` suffix (e.g. `layouts/shortcodes/myshortcode.md`).
This output format is defined as plain text, and will use Go's much more lenient text template parser.
Updates #9821
It has been deprecated for a long time, its v1 version is not maintained anymore, and there are many known issues. Goldmark should be
a mature replacement by now.
Closes#9934
There may be sites in the wild that depends on the faulty behaviour of IsDescendant/IsAncestor when comparing to itself, but
* The documentation and common sense says that a thing cannot be descendant or ancestor to itself.
* The bug introduced in `HasMenuCurrent` comes directly from that confusion.
Fixes#9846
This commit replaces the main part of `helpers.StripHTML` with Go's implementation in its html/template package.
It's a little slower, but correctness is more important:
```bash
BenchmarkStripHTMLOld-10 680316 1764 ns/op 728 B/op 4 allocs/op
BenchmarkStripHTMLNew-10 384520 3099 ns/op 2089 B/op 10 allocs/op
```
Fixes#9199Fixes#9909Closes#9410
Note that we will now fail if `inlineImports` is enabled and we cannot resolve an import.
You can work around this by either:
* Use url imports or imports with media queries.
* Set `skipInlineImportsNotFound=true` in the options
Also get the argument order in the different NewFileError* funcs in line.
Fixes#9895
* Redo the server error template
* Always add the content file context if relevant
* Remove some now superflous error string matching
* Move the server error template to _server/error.html
* Add file context (with position) to codeblock render blocks
* Improve JS build errors
Fixes#9892Fixes#9891Fixes#9893
* Add file context to minifier errors when publishing
* Misc fixes (see issues)
* Allow custom server error template in layouts/server/error.html
To get to this, this commit also cleans up and simplifies the code surrounding errors and files. This also removes the usage of `github.com/pkg/errors`, mostly because of https://github.com/pkg/errors/issues/223 -- but also because most of this is now built-in to Go.
Fixes#9852Fixes#9857Fixes#9863
These are not documented, and they don't belong on Page. We should consider having author a first class citizen of Hugo, but as it is not it's better modelled as a taxonomy.
And make both .Resources and resources implement it.
This gets us 2 new methods/functions, so you can now also do:
* .Resources.Get
* resources.ByType
Note that GetRemote is not covered by this interface, as that is only available as a global template function.
Fixes#8653
This commit adds a .Data object (a map with `Body`, `StatusCode` etc.) to the .Err returned from `resources.GetRemote`, which means you can now do:
```
{{ with .Err }}
{{ range $k, $v := .Data }}
{{ end }}
{{ end }}
```
Fixes#9708
* @warn and Sass deprecations are printed as WARN
* @debug is currently logged as INFO (needs the `--verbose` flag). We may adjust this if it gets too chatty.
Fixes#9683
This commit prevents the most commons case of infinite recursion in link render hooks when the `linkify` option is enabled (see below). This is always a user error, but getting a `stack overflow` (the current stack limit in Go is 1 GB on 64-bit, 250 MB on 32-bit) error isn't very helpful. This fix will not prevent all such errors, though, but we may do better once #9570 is in place.
So, these will fail:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | markdownify }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | .Page.RenderString }}</a>
```
`.Text` is already rendered to `HTML`. The above needs to be rewritten to:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
```
Fixes#8959
For the Position in code blocks we try to match the .Inner with the original source. This isn't always possible.
This commits avoids panics in these situations.
Fixes#9627
You can now create custom hook templates for code blocks, either one for all (`render-codeblock.html`) or for a given code language (e.g. `render-codeblock-go.html`).
We also used this new hook to add support for diagrams in Hugo:
* Goat (Go ASCII Tool) is built-in and enabled by default; just create a fenced code block with the language `goat` and start draw your Ascii diagrams.
* Another popular alternative for diagrams in Markdown, Mermaid (supported by GitHub), can also be implemented with a simple template. See the Hugo documentation for more information.
Updates #7765Closes#9538Fixes#9553Fixes#8520Fixes#6702Fixes#9558
I have had this living in a separate branch for now, but we need this in the main branch sooner rather than later.
One big advantage of this is that integration tests can live in any package, not just hugolib.
We changed the signature to `func(...interface{}) (interface{}, error)` some time ago, but sadly we had no test for this for `apply`. Now we do.
Fixes#9393
When a template calls the .Translations function and a
Hugo environment is using multiple output formats,
a template that calls methods like .Summary and .Len on
each translation will unexpectedly show empty return
values for these methods.
This is because each pageOutput's ContentProvider is
assigned to a page.NopPage in newPageOutput. When
*HugoSites.render assigns pageContentOutputs to
pageOutputs in *pageState.shiftToOutputFormat, it
reuses pageContentOutputs from other pageOutputs,
leaving some pageContentOutputs as NopPages. While this
approach conserves resources, sometimes it means that
a template will unexpectedly call a method on a
pageContentOutput that is actually a NopPage.
In the case of ContentProvider methods called on
translations for alternative output formats, the methods
were called on NopPages.
This change introduces LazyContentProvider, which
performs late initialization when one of its methods is
called. This way, we can reuse content in "normal" cases
but ensure that ContentProvider methods work as expected
when a pageOutput is not assigned a pageContentOutput
during the initial pre-render phase.
Fixes#8919
In page.NewOutputFormat, we take an output.Format f and use it to
create a page.OutputFormat. If the format is canonical, we assign
the final OutputFormat's Rel to "canonical" rather than using
f.Rel. However, this leads to unexpected behavior for custom
output formats, where a user can define a "rel" for a format
via the config file.
For example, the standard for "humans.txt" files requires using
rel="author" in HTML "link" elements. Meanwhile, humans.txt is
usually the only format used for its content. As a result, for
Hugo configurations that define a humans.txt custom output format,
Hugo will render "link" elements to content in this format with
rel="canonical," rather than "author" as required by the standard.
This commit changes page.NewOutputFormat to check whether a given
format is user defined and, if so, skips assigning Rel to
"canonical," even if isCanonical is true.
Fixes#8030
* Before this commit, when you had static files in the root of /content and no /public folder, that folder would not be created unless the /static syncer had already run.
* So, with a common pattern doing `rm -rf public && hugo` would the fail now and then because /static and /content are processed in parallel (unless you have cleanDestinationDir=true)
* This was even worse before commit 0b918e131f – a frozen build.
Closes#8166
In Hugo 0.89 we added remote support to `resources.Get`.
In hindsight that was not a great idea, as a poll from many Hugo users showed. See Issue #9285 for more details.
After this commit `resources.Get` only supports local resource lookups. If you want to support both, you need to use a construct similar to:
Also improve some option case handling.
```
{{ resource := "" }}
{{ if (urls.Parse $url).IsAbs }}
{{ $resource = resources.GetRemote $url }}
{{ else }}
{{ $resource = resources.Get $url }}
{{ end }}
```
Fixes#9285Fixes#9296
Partials with returns values are parsed, then inserted into a
partial return wrapper via wrapInPartialReturnWrapper in order
to assign the return value via *contextWrapper.Set. The
predefined wrapper template for partials inserts a partial's nodes
into a "with" template action in order to set dot to a
*contextWrapper within the partial. However, because "with" is
skipped if its argument is falsy, partials with falsy arguments
were not being evaluated.
This replaces the "with" action in the partial wrapper with a
"range" action that isn't skipped if .Arg is falsy.
Fixes#7528
This ommmit contains some security hardening measures for the Hugo build runtime.
There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".
For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.
These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.
You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.
The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.
```toml
[security]
enableInlineShortcodes = false
[security.exec]
allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']
[security.funcs]
getenv = ['^HUGO_']
[security.http]
methods = ['(?i)GET|POST']
urls = ['.*']
```
In Hugo 0.90.0 we introduced remote support in `resources.Get`.
But with remote resources comes with a higher chance of failing a build (network issues, remote server down etc.).
Before this commit we always failed the build on any unexpected error.
This commit allows the user to check for any error (and potentially fall back to a default local resource):
```htmlbars
{{ $result := resources.Get "https://gohugo.io/img/hugo-logo.png" }}
{{ with $result }}
{{ if .Err }}
{{/* log the error, insert a default image etc. *}}
{{ else }}
<img src="{{ .RelPermalink }}" width="{{ .Width }}" height="{{ .Height }}" alt="">
{{ end }}
{{ end }}
```
Note that the default behaviour is still to fail the build, but we will delay that error until you start using the `Resource`.
Fixes#9529
The existing endpoint will be retired and removed on November 23, 2021.
References:
- https://twittercommunity.com/t/consolidating-the-oembed-functionality/154690
- https://developer.twitter.com/en/docs/twitter-for-websites/oembed-api#Embedded
This is a backward compatible change.
The existing endpoint requires a single parameter: the id of the tweet.
The new endpoint requires two parameters: the id of the tweet, and the
user with whom it is associated. For the moment, if you supply the wrong
user, the request will be redirected (with a small delay) to the correct
user/id pair. This behavior is undocumented, but we will take advantage
of it as Hugo site authors transition to the new syntax.
{{< tweet 1453110110599868418 >}} --> works, throws warning, deprecate at some point
{{< tweet user="SanDiegoZoo" id="1453110110599868418" >}} --> new syntax
Fixes#8130
The old implementation had some issues, mostly related to the context (e.g. name, file paths) passed to the template.
This new implementation is using the exact same code path for evaluating the pages as in a regular build.
This also makes it more robust and easier to reason about in a multilingual setup.
Now, if you are explicit about the target path, Hugo will now always pick the correct mount and language:
```bash
hugo new content/en/posts/my-first-post.md
```
Fixes#9032Fixes#7589Fixes#9043Fixes#9046Fixes#9047
Previously, *minifyTransformation.Transform suppressed the
error returned by t.m.Minify. This meant that when minification
returned an error, the error would not reach the user. Instead,
minification would silently fail. For example, if a JavaScript
file included a call to the Date constructor with:
new Date(2020, 04, 02)
The package that the minification library uses to parse JS files,
github.com/tdewolff/parse would return an error, since "04" would
be parsed as a legacy octal. However, the JS file would remain
un-minified with no error.
Fixing this is not as simple as replacing "_" with an "err" in
*minifyTransformation.Transform, however (though this is
necessary). If we only returned this error from Transform,
then hugolib.TestResourceMinifyDisabled would fail. Instead of
being a no-op, as TestResourceMinifyDisabled expects, using the
"minify" template function with a "disableXML=true" config
setting instead returns the error, "minifier does not exist for
mimetype."
The "minifier does not exist" error is returned because of the
way minifiers.New works. If the user's config disables
minification for a particular MIME type, minifiers.New does
not add it to the resulting Client's *minify.M. However, this
also means that when the "minify" template function is executed,
a *resourceAdapter's transformations still add a minification.
When it comes time to call the minify.Minifier for a specific
MIME type via *M.MinifyMimetype, the github.com/tdewolff/minify
library throws the "does not exist" error for the missing MIME
type.
The solution was to change minifiers.New so, instead of skipping
a minifier for each disabled MIME type, it adds a NoOpMinifier,
which simply copies the source to the destination without
minification. This means that when the "minify" template
function is used for a particular resource, and that resource's
MIME type has minification disabled, minification is genuinely
skipped, and does not result in an error.
In order to add this, I've fixed a possibly unwanted interaction
between minifiers.TestConfigureMinify and
hugolib.TestResourceMinifyDisabled. The latter disables
minification and expects minification to be a no-op. The former
disables minification and expects it to result in an error. The
only reason hugolib.TestResourceMinifyDisabled passes in the
original code is that the "does not exist" error is suppressed.
However, we shouldn't suppress minification errors, since they
can leave users perplexed. I've changed the test assertion in
minifiers.TestConfigureMinify to expect no errors and a no-op
if minification is disabled for a particular MIME type.
Fixes#8954
Unless the merge strategy is set up to do so.
For `disableKinds` the current workaround is to make sure the project config has an entry, even if is empty:
```
disableKinds = []
```
Note that this issue only touches root, non-map config-values that either is not set in project config or in Hugo's defaults.
Fixes#8866
We have been using `go-toml` for language files only. This commit makes it the only TOML library.
It's spec compliant and very fast.
A benchark building a site with 200 pages with TOML front matter:
```bash
name old time/op new time/op delta
SiteNew/Regular_TOML_front_matter-16 48.5ms ± 1% 47.1ms ± 1% -2.85% (p=0.029 n=4+4)
name old alloc/op new alloc/op delta
SiteNew/Regular_TOML_front_matter-16 16.9MB ± 0% 16.7MB ± 0% -1.56% (p=0.029 n=4+4)
name old allocs/op new allocs/op delta
SiteNew/Regular_TOML_front_matter-16 302k ± 0% 296k ± 0% -2.20% (p=0.029 n=4+4)
```
Note that the front matter unmarshaling is only a small part of building a site, so the above is very good.
Fixes#8801