Comparing changes

base repository: mozilla/nunjucks
base: v3.2.3
head repository: mozilla/nunjucks
compare: v3.2.4
  • 2 commits
  • 5 files changed
  • 1 contributor

Commits on Apr 12, 2023

  1. fix: html encode backslashes if used with escape filter or autoescape (#1437)
    
    Backslashes should be html encoded when present in expressions that are
    passed to the escape filter (including when this happens automatically
    with autoescape)
    fdintino authored Apr 12, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    ec16d21

Commits on Apr 13, 2023

  1. Release v3.2.4

    fdintino committed Apr 13, 2023

    Verified

    This commit was signed with the committer’s verified signature.
    fdintino Frankie Dintino
    86a77f4
Showing with 24 additions and 6 deletions.
  1. +7 −0 CHANGELOG.md
  2. +3 −2 nunjucks/src/lib.js
  3. +1 −1 package.json
  4. +11 −1 tests/compiler.js
  5. +2 −2 tests/filters.js
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,13 @@
Changelog
=========

3.2.4 (Apr 13 2023)
------------------

* HTML encode backslashes when expressions are passed through the escape
filter (including when this is done automatically with autoescape). Merge
of [#1427](https://github.com/mozilla/nunjucks/pull/1427).

3.2.3 (Feb 15 2021)
-------------------
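
Review bot: The new 3.2.4 entry links the fix to #1427 (`pull/1427`), but the commit that carries the fix is titled with #1437, so one of the two numbers looks mistyped; check which pull request was merged and make the changelog link match. Minor: the underline beneath `3.2.4 (Apr 13 2023)` appears one dash shorter than the heading, unlike the 3.2.3 entry below it.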

5 changes: 3 additions & 2 deletions nunjucks/src/lib.js
@@ -8,10 +8,11 @@ var escapeMap = {
'"': '"',
'\'': ''',
'<': '&lt;',
'>': '&gt;'
'>': '&gt;',
'\\': '&#92;',
};

var escapeRegex = /[&"'<>]/g;
var escapeRegex = /[&"'<>\\]/g;

var exports = module.exports = {};
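
Review bot: The `'\\': '&#92;'` entry in `escapeMap` has no comment saying why a backslash, which has no special meaning in HTML markup, is now entity-encoded; add a line stating the output context this protects so the entry is not removed later as redundant. The escaped character set also lives in two places, the map keys and `escapeRegex`, and both have to be edited together; a comment tying them together, or building the regex from the map keys, would stop them drifting apart. The new last entry ends with a trailing comma where the previous last entry did not.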

2 changes: 1 addition & 1 deletion package.json
@@ -1,7 +1,7 @@
{
"name": "nunjucks",
"description": "A powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired)",
"version": "3.2.3",
"version": "3.2.4",
"author": "James Long <longster@gmail.com>",
"dependencies": {
"a-sync-waterfall": "^1.0.0",
12 changes: 11 additions & 1 deletion tests/compiler.js
@@ -1976,6 +1976,16 @@
finish(done);
});

it('should autoescape backslashes', function(done) {
equal(
'{{ foo }}',
{ foo: 'foo \\\' bar' },
{ autoescape: true },
'foo &#92;&#39; bar');

finish(done);
});

it('should not autoescape when extension set false', function(done) {
function TestExtension() {
// jshint validthis: true
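
Review bot: The added `should autoescape backslashes` test only checks a backslash that sits directly before a quote (`'foo \\\' bar'`), so it asserts two escapes at once. Add cases with a backslash on its own and with a value marked safe, so the test pins down that the backslash is encoded by itself and that safe output is left untouched.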
@@ -2031,7 +2041,7 @@
});

it('should render regexs', function(done) {
equal('{{ r/name [0-9] \\// }}',
equal('{{ r/name [0-9] \\// }}', {}, { autoescape: false },
'/name [0-9] \\//');

equal('{{ r/x/gi }}',
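
Review bot: Passing `{}, { autoescape: false }` to the first `equal` in `should render regexs` keeps the old expectation `'/name [0-9] \\//'` by switching escaping off, which suggests the rendered regex differs once autoescape is on. Add a second assertion for the autoescaped output so that change is visible and deliberate, and consider mentioning it in the changelog since it alters output for existing templates.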
4 changes: 2 additions & 2 deletions tests/filters.js
@@ -108,9 +108,9 @@

it('escape', function() {
equal(
'{{ "<html>" | escape }}', {},
'{{ "<html>\\\\" | escape }}', {},
{ autoescape: false },
'&lt;html&gt;');
'&lt;html&gt;&#92;');
});

it('escape skip safe', function() {
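
Review bot: The `escape` test replaces the old `"<html>"` case instead of adding to it, and the four backslashes in `'{{ "<html>\\\\" | escape }}'` pass through two levels of string escaping before producing the single `&#92;` in the expected value. Keep the original assertion, add the backslash case as a separate `equal`, and add a short comment noting that the template string literal ends in one backslash.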