fix: add security protections and cleanup failing tests

zig/pugz

Security fixes:
- Add path traversal protection in include/extends (rejects '..' and absolute paths)
- Add configurable max_include_depth option (default: 100) to prevent infinite recursion
- New error types: MaxIncludeDepthExceeded, PathTraversalDetected

Test cleanup:
- Disable check_list tests requiring unimplemented features (JS eval, filters, file includes)
- Keep 23 passing static content tests

Bump version to 0.2.2

This commit is contained in:

Ankit Patial

2026-01-24 14:31:24 +05:30

parent af949f3a7f

commit 621f8def47

270 changed files with 5595 additions and 672 deletions

									
										3

src/tests/check_list/classes-empty.html
									
										Normal file
									
												View File
												
				@@ -0,0 +1,3 @@

				<a></a>

				<a></a>

				<a></a>

fix: add security protections and cleanup failing tests

3 src/tests/check_list/classes-empty.html Normal file Unescape Escape View File

3

src/tests/check_list/classes-empty.html Normal file

View File