mirror of
https://github.com/gohugoio/hugo.git
synced 2024-12-25 15:41:22 +00:00
ee359df172
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b added.

This also includes a security fix that now disallows Go template actions in JS template literals (inside backticks). Such templates now fail with an error saying "... appears in a JS template literal".

If you're really sure this isn't a security risk in your case, you can revert to the old behaviour:

```toml
[security]
[security.gotemplates]
allowActionJSTmpl = true
```

See https://github.com/golang/go/issues/59234

Fixes #11112
// Copyright 2019 The Hugo Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package template
import (
"sync/atomic"
template "github.com/gohugoio/hugo/tpl/internal/go_templates/texttemplate"
)
// SecurityAllowActionJSTmpl is the opt-out switch for the check tracked in
// https://github.com/golang/go/issues/59234 (Go template actions inside JS
// template literals). Its zero value is false. It is a single package-level
// flag, so storing true applies to every template handled by this package,
// not only to the one that triggered the error.
//
// NOTE(review): neither the code that reads this flag nor the code that sets
// it is in this file; presumably the escaper consults it and Hugo's security
// configuration stores into it. Confirm against the callers.
//
// It is declared here to avoid a dependency on Go's internal/debug package.
var SecurityAllowActionJSTmpl atomic.Bool
/*
This file contains the Hugo-related add-ons. All the other files in this
package are auto-generated.
*/

// GoFuncs is the exported name for this package's funcMap. It exists so that
// Hugo can fill its own func map from it, which the original author notes
// makes it faster.
//
// NOTE(review): funcMap is declared elsewhere in the package. If it is a map,
// GoFuncs aliases it rather than copying it, so a write through GoFuncs would
// also change the functions this package uses; treat it as read-only.
var GoFuncs = funcMap
// Prepare returns a template ready for execution.
//
// It calls t.escape first and hands back t.text only when that call succeeds.
// On failure the returned template is nil and the error from t.escape is
// passed through unchanged, so a caller never receives a template whose
// escape step reported an error.
//
// NOTE(review): t.escape is defined elsewhere in the package; presumably it is
// the contextual auto-escaping pass. Confirm there.
func (t *Template) Prepare() (*template.Template, error) {
	err := t.escape()
	if err != nil {
		// Do not expose t.text when escaping did not complete.
		return nil, err
	}
	return t.text, nil
}
// StripTags is the exported entry point for the package-private stripTags
// helper; it passes html through unchanged and returns whatever stripTags
// returns. See https://github.com/golang/go/issues/5884
//
// NOTE(review): stripTags itself is not visible in this file. Removing tags is
// not HTML sanitisation, so callers should keep escaping the result for the
// context it is written into rather than marking it as trusted markup.
func StripTags(html string) string {
	stripped := stripTags(html)
	return stripped
}