Bjørn Erik Pedersen
623dda7174
Revert "config/security: Add HOME to default exec env var whitelist"
...
There have been one report in the wild suggesting that this needs to be tested better before doing:
https://discourse.gohugo.io/t/hugo-mod-failing-in-v0-91-1-but-works-in-v0-91-0/36180/5
This reverts commit fca266ebbb
.
2021-12-23 16:23:15 +01:00
Bjørn Erik Pedersen
fca266ebbb
config/security: Add HOME to default exec env var whitelist
...
See #9309
2021-12-22 11:33:59 +01:00
Bjørn Erik Pedersen
6df2f080c9
docs: Regen docs helper
2021-12-17 10:31:08 +01:00
Bjørn Erik Pedersen
f4389e48ce
Add some basic security policies with sensible defaults
...
This ommmit contains some security hardening measures for the Hugo build runtime.
There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".
For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.
These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.
You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.
The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.
```toml
[security]
enableInlineShortcodes = false
[security.exec]
allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']
[security.funcs]
getenv = ['^HUGO_']
[security.http]
methods = ['(?i)GET|POST']
urls = ['.*']
```
2021-12-16 09:40:22 +01:00
Bjørn Erik Pedersen
6183184b96
Merge commit '45e6fdb315d113ba13e20a633ed0c67e3f25170d'
2021-12-13 21:05:10 +01:00
Bjørn Erik Pedersen
e86b331138
docs: Regenerate docs helper
2021-12-08 08:56:16 +01:00
Bjørn Erik Pedersen
6c841a691e
Merge commit '8d9511a08f14260cbfb73119e4afae50e5a9966d'
2021-12-08 08:54:25 +01:00
Bjørn Erik Pedersen
e71d715b9b
Add custom font support to images.Text
...
Fixes #9253
2021-12-07 16:53:02 +01:00
Paul van Brouwershaven
283394a4fd
images: Text filter that draws text with the given options ( #9239 )
...
Fixes #9238
2021-12-07 11:29:55 +01:00
Joe Mooring
5538507e90
tpl/transform: Optional options for highlight func
...
Closes #9249
Fixes gohugoio/hugoDocs#63
2021-12-07 11:26:56 +01:00
Paul van Brouwershaven
0eaaa8fee3
Implement XML data support
...
Example:
```
{{ with resources.Get "https://example.com/rss.xml " | transform.Unmarshal }}
{{ range .channel.item }}
<strong>{{ .title | plainify | htmlUnescape }}</strong><br />
<p>{{ .description | plainify | htmlUnescape }}</p>
{{ $link := .link | plainify | htmlUnescape }}
<a href="{{ $link }}">{{ $link }}</a><br />
<hr>
{{ end }}
{{ end }}
```
Closes #4470
2021-12-02 17:30:36 +01:00
Paul van Brouwershaven
66753416b5
Make resources.Get use a file cache for remote resources
...
Closes #9228
2021-12-02 12:56:25 +01:00
Paul van Brouwershaven
8aa7257f65
Add remote support to resources.Get
...
Closes #5255
Supports #9044
2021-11-30 11:49:51 +01:00
hugoreleaser
ab01ba6e7e
releaser: Add release notes to /docs for release of 0.89.4
...
[ci skip]
2021-11-17 08:24:08 +00:00
hugoreleaser
c88cdb5610
releaser: Add release notes to /docs for release of 0.89.3
...
[ci skip]
2021-11-15 12:17:45 +00:00
hugoreleaser
63e3a5ebb2
releaser: Add release notes to /docs for release of 0.89.2
...
[ci skip]
2021-11-08 15:22:23 +00:00
hugoreleaser
b6a4ae4ad5
releaser: Add release notes to /docs for release of 0.89.1
...
[ci skip]
2021-11-05 15:44:32 +00:00
hugoreleaser
ade966b84b
releaser: Add release notes to /docs for release of 0.89.0
...
[ci skip]
2021-11-02 10:00:17 +00:00
Bjørn Erik Pedersen
f503b63957
docs: Regen CLI docs
2021-11-02 09:01:26 +01:00
Joe Mooring
04a3b45db4
Fix description of lang.FormatNumberCustom
...
It currently refers to itself as a simple alternative, when it should
refer to lang.FormatNumber.
2021-11-01 18:54:43 +01:00
Joe Mooring
0cc39af682
Update Twitter shortcode oEmbed endpoint
...
The existing endpoint will be retired and removed on November 23, 2021.
References:
- https://twittercommunity.com/t/consolidating-the-oembed-functionality/154690
- https://developer.twitter.com/en/docs/twitter-for-websites/oembed-api#Embedded
This is a backward compatible change.
The existing endpoint requires a single parameter: the id of the tweet.
The new endpoint requires two parameters: the id of the tweet, and the
user with whom it is associated. For the moment, if you supply the wrong
user, the request will be redirected (with a small delay) to the correct
user/id pair. This behavior is undocumented, but we will take advantage
of it as Hugo site authors transition to the new syntax.
{{< tweet 1453110110599868418 >}} --> works, throws warning, deprecate at some point
{{< tweet user="SanDiegoZoo" id="1453110110599868418" >}} --> new syntax
Fixes #8130
2021-11-01 15:51:00 +01:00
Bjørn Erik Pedersen
4b36498a85
Merge commit 'aa5ac36a3eb68b86c803caec703869efefc8447e'
2021-10-31 13:53:55 +01:00
Bjørn Erik Pedersen
471ed91c60
hugofs: Add includeFiles and excludeFiles to mount configuration
...
Fixes #9042
2021-10-20 05:00:17 +02:00
Joe Mooring
64abc83fc4
Allow multiple plugins in the PostCSS options map
...
Usage:
{{ $options := dict "use" "autoprefixer postcss-color-alpha" }}
{{ $style := resources.Get "main.css" | resources.PostCSS $options }}
Fixes #9015
2021-10-10 11:11:43 +02:00
Joe Mooring
f8d132d731
docs: Create path.Clean documentation
...
Related to #9005
2021-10-09 20:36:57 +02:00
hugoreleaser
5bc547389a
releaser: Add release notes to /docs for release of 0.88.1
...
[ci skip]
2021-09-04 09:39:19 +00:00
hugoreleaser
acc5eb5b51
releaser: Add release notes to /docs for release of 0.88.0
...
[ci skip]
2021-09-02 09:27:27 +00:00
Helder Pereira
d966f5d08d
highlight: Remove some pygments references
2021-08-21 15:50:49 +02:00
hugoreleaser
b0c541e496
releaser: Add release notes to /docs for release of 0.87.0
...
[ci skip]
2021-08-03 10:57:26 +00:00
Bjørn Erik Pedersen
494f284be3
docs: Adjust config docs
2021-08-03 12:22:02 +02:00
Bjørn Erik Pedersen
bf738d2f43
docs: Regen CLI docs
2021-08-03 11:55:02 +02:00
Bjørn Erik Pedersen
8d19850e2d
docs: Regen docs helper
2021-08-03 11:53:34 +02:00
Bjørn Erik Pedersen
0934983529
Merge commit 'bd77f6e1c99e04a476f0b1bb4e44569134e02399' into release-0.87.0
2021-08-03 11:52:57 +02:00
Bjørn Erik Pedersen
1c5b025dd0
docs: Adjust time zone docs
2021-08-03 11:51:28 +02:00
Bjørn Erik Pedersen
268065cb2d
Merge branch 'release-0.86.1'
2021-07-30 12:58:26 +02:00
hugoreleaser
f6821b88ab
releaser: Add release notes to /docs for release of 0.86.1
...
[ci skip]
2021-07-30 10:13:32 +00:00
Bjørn Erik Pedersen
7907d24ba1
tpl/lang: Add new localized versions of lang.FormatNumber etc.
...
Fixes #8820
2021-07-29 16:40:06 +02:00
Bjørn Erik Pedersen
efa5760db5
Add timezone support for front matter dates without one
...
Fixes #8810
2021-07-27 19:02:48 +02:00
Bjørn Erik Pedersen
a57dda854b
Localize time.Format
...
Fixes #8797
2021-07-27 19:02:48 +02:00
hugoreleaser
41c6c52ead
releaser: Add release notes to /docs for release of 0.86.0
...
[ci skip]
2021-07-21 09:53:11 +00:00
Bjørn Erik Pedersen
0294a4a4f8
Merge commit '53a352795a69a9d4a373f50ec62138595948c6ea'
2021-07-21 10:45:53 +02:00
Bjørn Erik Pedersen
d831d2fce8
Simplify "active menu" logic for section menus
...
Fixes #8776
2021-07-20 17:50:59 +02:00
hugoreleaser
724d5db580
releaser: Add release notes to /docs for release of 0.85.0
...
[ci skip]
2021-07-05 10:46:25 +00:00
Bjørn Erik Pedersen
e31b1d1946
commands: Make the --poll flag a duration
...
So you can do:
```
hugo server --poll 700ms
```
See #8720
2021-07-05 10:23:29 +02:00
Bjørn Erik Pedersen
43a23239b2
docs: Regen CLI docs
2021-07-04 16:35:21 +02:00
Bjørn Erik Pedersen
4479f09c9c
Merge commit '7eb0e10a80708c638554b8221a3120dc1168566c'
2021-07-04 16:34:53 +02:00
hugoreleaser
020e4acee4
releaser: Add release notes to /docs for release of 0.84.4
...
[ci skip]
2021-07-01 11:51:53 +00:00
hugoreleaser
a1b0353ccb
releaser: Add release notes to /docs for release of 0.84.3
...
[ci skip]
2021-06-29 11:40:19 +00:00
hugoreleaser
e0c67958f1
releaser: Add release notes to /docs for release of 0.84.2
...
[ci skip]
2021-06-28 10:59:18 +00:00
Bjørn Erik Pedersen
40dfdd0952
modules: Add module.import.noMounts config
...
Fixes #8708
2021-06-28 10:39:52 +02:00