diff options
| author | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2022-03-10 08:19:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-10 08:19:03 +0100 |
| commit | 4e14cf7607ad3afdbf65272cd5bb61dba4b415da (patch) | |
| tree | 84922c4407920e9b45502afce15730c0da796a88 /common/types | |
| parent | 5697348e1732a5f64ee7467283eb0335f2ec36e8 (diff) | |
| download | hugo-4e14cf7607ad3afdbf65272cd5bb61dba4b415da.tar.gz hugo-4e14cf7607ad3afdbf65272cd5bb61dba4b415da.zip | |
Fail with error when double-rendering text in markdownify/RenderString
This commit prevents the most commons case of infinite recursion in link render hooks when the `linkify` option is enabled (see below). This is always a user error, but getting a `stack overflow` (the current stack limit in Go is 1 GB on 64-bit, 250 MB on 32-bit) error isn't very helpful. This fix will not prevent all such errors, though, but we may do better once #9570 is in place.
So, these will fail:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | markdownify }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | .Page.RenderString }}</a>
```
`.Text` is already rendered to `HTML`. The above needs to be rewritten to:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
```
Fixes #8959
Diffstat (limited to 'common/types')
| -rw-r--r-- | common/types/hstring/stringtypes.go | 20 | ||||
| -rw-r--r-- | common/types/hstring/stringtypes_test.go | 30 |
2 files changed, 50 insertions, 0 deletions
diff --git a/common/types/hstring/stringtypes.go b/common/types/hstring/stringtypes.go new file mode 100644 index 000000000..601218e0e --- /dev/null +++ b/common/types/hstring/stringtypes.go @@ -0,0 +1,20 @@ +// Copyright 2022 The Hugo Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package hstring + +type RenderedString string + +func (s RenderedString) String() string { + return string(s) +} diff --git a/common/types/hstring/stringtypes_test.go b/common/types/hstring/stringtypes_test.go new file mode 100644 index 000000000..8ff477f63 --- /dev/null +++ b/common/types/hstring/stringtypes_test.go @@ -0,0 +1,30 @@ +// Copyright 2022 The Hugo Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package hstring + +import ( + "html/template" + "testing" + + qt "github.com/frankban/quicktest" + "github.com/spf13/cast" +) + +func TestStringTypes(t *testing.T) { + c := qt.New(t) + + // Validate that it will behave like a string in Hugo settings. + c.Assert(cast.ToString(RenderedString("Hugo")), qt.Equals, "Hugo") + c.Assert(template.HTML(RenderedString("Hugo")), qt.Equals, template.HTML("Hugo")) +} |