fix: add security protections and cleanup failing tests

zig/pugz

Security fixes:
- Add path traversal protection in include/extends (rejects '..' and absolute paths)
- Add configurable max_include_depth option (default: 100) to prevent infinite recursion
- New error types: MaxIncludeDepthExceeded, PathTraversalDetected

Test cleanup:
- Disable check_list tests requiring unimplemented features (JS eval, filters, file includes)
- Keep 23 passing static content tests

Bump version to 0.2.2

This commit is contained in:

Ankit Patial

2026-01-24 14:31:24 +05:30

parent af949f3a7f

commit 621f8def47

270 changed files with 5595 additions and 672 deletions

									
										1

src/tests/check_list/blocks-in-if.html
									
										Normal file
									
												View File
												
				@@ -0,0 +1 @@

				<p>ajax contents</p>

				`@@ -0,0 +1 @@`
				`<p>ajax contents</p>`

fix: add security protections and cleanup failing tests

1 src/tests/check_list/blocks-in-if.html Normal file Unescape Escape View File

1

src/tests/check_list/blocks-in-if.html Normal file

View File