mirror/gohugoio-hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2024-05-11 05:54:58 +00:00
Code Issues Releases Activity
6,756 Commits 111 Branches 269 Tags
Commit Graph

90 Commits

Author SHA1 Message Date
Bjørn Erik Pedersen
f2bc13dd9e docs: Regenerate docshelper 2022-01-12 08:17:03 +01:00
Bjørn Erik Pedersen
4a0b55330c docs: Regenerate docshelper 2022-01-04 17:11:17 +01:00
Bjørn Erik Pedersen
623dda7174 Revert "config/security: Add HOME to default exec env var whitelist" 
There have been one report in the wild suggesting that this needs to be tested better before doing:

https://discourse.gohugo.io/t/hugo-mod-failing-in-v0-91-1-but-works-in-v0-91-0/36180/5

This reverts commit fca266ebbb81af3d4479873a7a79759033c7ce25.
 2021-12-23 16:23:15 +01:00
Bjørn Erik Pedersen
fca266ebbb config/security: Add HOME to default exec env var whitelist 
See #9309
 2021-12-22 11:33:59 +01:00
Bjørn Erik Pedersen
6df2f080c9 docs: Regen docs helper 2021-12-17 10:31:08 +01:00
Bjørn Erik Pedersen
f4389e48ce Add some basic security policies with sensible defaults 
This ommmit contains some security hardening measures for the Hugo build runtime.

There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.

These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.

You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.

```toml
[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']
```
 2021-12-16 09:40:22 +01:00
Bjørn Erik Pedersen
e86b331138 docs: Regenerate docs helper 2021-12-08 08:56:16 +01:00
Joe Mooring
04a3b45db4 Fix description of lang.FormatNumberCustom 
It currently refers to itself as a simple alternative, when it should
refer to lang.FormatNumber.
 2021-11-01 18:54:43 +01:00
Bjørn Erik Pedersen
4b36498a85 Merge commit 'aa5ac36a3eb68b86c803caec703869efefc8447e' 2021-10-31 13:53:55 +01:00
Bjørn Erik Pedersen
8d19850e2d docs: Regen docs helper 2021-08-03 11:53:34 +02:00
Bjørn Erik Pedersen
7907d24ba1 tpl/lang: Add new localized versions of lang.FormatNumber etc. 
Fixes #8820
 2021-07-29 16:40:06 +02:00
Bjørn Erik Pedersen
be6b901cf7 docs: Regenerate docs helper 2021-06-18 13:21:10 +02:00
Bjørn Erik Pedersen
402da3f8f3 docs: Regenerate docshelper 2021-06-18 12:58:07 +02:00
Bjørn Erik Pedersen
d392893cd7 Misc config loading fixes 
The main motivation behind this is simplicity and correctnes, but the new small config library is also faster:

```
BenchmarkDefaultConfigProvider/Viper-16         	  252418	      4546 ns/op	    2720 B/op	      30 allocs/op
BenchmarkDefaultConfigProvider/Custom-16        	  450756	      2651 ns/op	    1008 B/op	       6 allocs/op
```

Fixes #8633
Fixes #8618
Fixes #8630
Updates #8591
Closes #6680
Closes #5192
 2021-06-14 17:00:32 +02:00
Bjørn Erik Pedersen
a91cd7652f docs: Regenerate docs helper 2021-06-08 18:52:38 +02:00
Bjørn Erik Pedersen
a9b52b4175 docs: Regenerate docs helper 2021-05-01 12:06:24 +02:00
Bjørn Erik Pedersen
fd96f65a3d docs: Regen docs helper 2021-04-20 20:23:36 +02:00
Bjørn Erik Pedersen
8f7891e70c Merge commit '07b8d9466dfb59c429c1b470a0443337bc0aeefe' 2021-04-20 20:22:53 +02:00
Bjørn Erik Pedersen
86b4fd35e7 docs: Regenerate docs helper 2021-03-21 13:33:26 +01:00
Bjørn Erik Pedersen
1b364b003f docs: Regen docs helper 2021-02-18 17:54:25 +01:00
Bjørn Erik Pedersen
2681633db8 markup/goldmark: Add attributes support for blocks (tables etc.) 
E.g.:

```
> foo
> bar
{.myclass}
```

There are some current limitations: For tables you can currently only apply it to the full table, and for lists the ul/ol-nodes only, e.g.:

```
* Fruit
  * Apple
  * Orange
  * Banana
  {.fruits}
* Dairy
  * Milk
  * Cheese
  {.dairies}
{.list}
```

Fixes #7548
 2021-02-08 19:52:55 +01:00
Bjørn Erik Pedersen
fd70bdafe7 docs: Regen docshelper 2020-11-24 13:49:01 +01:00
Bjørn Erik Pedersen
20a35374a3 Revert "docs: Regenerate docshelper" 
This reverts commit caf16c20853947138883f6460682e19733895f52.

Closes #7972
 2020-11-21 12:48:48 +01:00
Bjørn Erik Pedersen
caf16c2085 docs: Regenerate docshelper 2020-11-20 09:32:16 +01:00
Bjørn Erik Pedersen
332b65e4cc docs: Regen docs helper 2020-10-30 09:52:32 +01:00
Bjørn Erik Pedersen
b9318e4315 docs: Regen docshelper 2020-10-06 16:25:23 +02:00
Helder Pereira
8e553dcdef markup/asciidocext: Add preserveTOC option 2020-09-17 10:50:25 +02:00
Bjørn Erik Pedersen
be2404c8b1 docs: Regen docs helper 2020-09-13 21:58:38 +02:00
Bjørn Erik Pedersen
e6cd9da42d docs: Regen docs helper 2020-09-07 21:45:16 +02:00
Bjørn Erik Pedersen
25e3da3343 docs: Regenerate docs helper 2020-07-13 11:01:38 +02:00
Bjørn Erik Pedersen
fc045e12a9 Rename taxonomy kinds from taxonomy to term, taxonomyTerm to taxonomy 
And we have taken great measures to limit potential site breakage:

* For `disableKinds` and `outputs` we try to map from old to new values if possible, if not we print an ERROR that can be toggled off if not relevant.
* The layout lookup is mostly compatible with more options for the new `term` kind.

That leaves:

* Where queries in site.Pages using taxonomy/taxonomyTerm Kind values as filter.
* Other places where these kind value are used in the templates (classes etc.)

Fixes #6911
Fixes #7395
 2020-06-18 09:09:56 +02:00
Bjørn Erik Pedersen
0a9172672a Merge commit 'efa74c5c6e6ff1daddeb5834ea7c69bed2acf171' 2020-06-16 14:19:31 +02:00
Edouard
7eeebe1e5a tpl/crypto: Add hmac 2020-06-05 20:04:11 +02:00
Bjørn Erik Pedersen
b7ff4dc23e docs: Regen docs helper 2020-04-10 09:07:41 +02:00
Bjørn Erik Pedersen
7204b354a9 Some minify configuration adjustments 2020-03-20 20:35:57 +01:00
SatowTakeshi
574c2959b8 Add minify config 
Fixes #6750
Updates #6892
 2020-03-20 20:35:57 +01:00
Bjørn Erik Pedersen
cafb1d53c0 docs, output: Add base template lookup variant to docs.json 2020-01-23 11:59:52 +01:00
Bjørn Erik Pedersen
4f466db666 docs: Regen docs helper 2020-01-23 11:55:08 +01:00
Bjørn Erik Pedersen
81b7e48a55 docs: Regenerate docshelper 
See #6707
See #6616
 2020-01-05 11:57:49 +01:00
Bjørn Erik Pedersen
1773d71d5b tpl: Add a warnf template func 
Fixes #6628
 2019-12-21 10:23:00 +01:00
Bjørn Erik Pedersen
55c29d4de3 docs: Regen docshelper 2019-12-19 23:48:01 +01:00
John Zaitseff
158e7ec204 Fix incorrect MIME type from image/jpg to image/jpeg 
According to multiple sources, both official ([IANA] and [RFC2046]) and
otherwise (eg, [Mozilla] and [Wikipedia]), the official MIME type for
JPEG images is `image/jpeg`, not `image/jpg`.  Change Hugo to match.

[IANA]: https://www.iana.org/assignments/media-types/media-types.xhtml#image
[RFC2046]: https://tools.ietf.org/html/rfc2046
[Mozilla]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types
[Wikipedia]: https://en.wikipedia.org/wiki/JPEG
 2019-12-19 18:02:11 +01:00
Bjørn Erik Pedersen
67f3aa72cf Merge commit '2e711a28c71e8667258e5ab824f9b9a71c261b0a' 2019-12-15 10:37:36 +01:00
Gavin D. Howard
4c804319f6 markup/tableofcontents: Add config option for ordered list 2019-12-12 07:48:40 +01:00
Bjørn Erik Pedersen
bfb9613a14 Add Goldmark as the new default markdown handler 
This commit adds the fast and CommonMark compliant Goldmark as the new default markdown handler in Hugo.

If you want to continue using BlackFriday as the default for md/markdown extensions, you can use this configuration:

```toml
[markup]
defaultMarkdownHandler="blackfriday"
```

Fixes #5963
Fixes #1778
Fixes #6355
 2019-11-23 14:12:24 +01:00
Bjørn Erik Pedersen
79355043e8 Merge commit 'efc0b1bb6c6564f54d596467dbc6a18cb206954e' 2019-11-11 11:46:22 +01:00
Bjørn Erik Pedersen
27aef3f1fb Merge commit 'b9bd35d72e14932fb6588ff62b90cddef0a060fc' as 'docs' 2019-10-21 10:22:28 +02:00
Bjørn Erik Pedersen
39121de4d9 docs: Replace /docs 2019-10-21 10:21:51 +02:00
Jamie Tanna
c466b88c99 deps: Upgrade to latest version of emoji dependency 
To add support for new emojis in Hugo, we need to upgrade our internal
dependency on the emoji package.

Note that we also need to update our tests, as the underlying emoji that
is rendered has changed.

Follow-up to #6391. (170f18d9352d39213170dd9d5e947eb45854c84b and
2df5d202c6fc6eb18ee0b259c3dd1156094947c5)
 2019-10-05 22:58:53 +02:00
Bjørn Erik Pedersen
23adc0c2d9 docs: Regenerate data helpers 2019-07-24 09:39:12 +02:00