zig/pugz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41 Commits 1 Branch 5 Tags
621f8def4740b4033f33137143bcdda57909506e
Commit Graph

4 Commits

Author SHA1 Message Date
Ankit Patial
621f8def47 fix: add security protections and cleanup failing tests 
Security fixes:
- Add path traversal protection in include/extends (rejects '..' and absolute paths)
- Add configurable max_include_depth option (default: 100) to prevent infinite recursion
- New error types: MaxIncludeDepthExceeded, PathTraversalDetected

Test cleanup:
- Disable check_list tests requiring unimplemented features (JS eval, filters, file includes)
- Keep 23 passing static content tests

Bump version to 0.2.2
 2026-01-24 14:31:24 +05:30
Ankit Patial
53f147f5c4 fix: make conditional fields optional using @hasField 
Templates can now use 'if error' or similar conditionals without
requiring the caller to always provide those fields in the data struct.
 2026-01-23 12:10:48 +05:30
Ankit Patial
efaaa5565d fix: properly handle mixin call attributes in compiled templates 
- Create typed attributes struct for each mixin call with optional fields (class, id, style)
- Use unique variable names (mixin_attrs_N) to avoid shadowing in nested mixin calls
- Track current attributes variable for buildAccessor to resolve attributes.class correctly
- Only suppress unused variable warning when attributes aren't actually accessed
 2026-01-23 12:02:04 +05:30
Ankit Patial
b079bbffff fix: escape quotes in backtick strings and merge duplicate class attributes 
- HTML-escape double quotes as " in backtick template literals for valid attribute values
- Merge shorthand classes (.alert) with class attribute values instead of emitting duplicates
- Handle string concatenation expressions in class attributes (e.g., class="btn btn-" + type)
 2026-01-23 11:50:18 +05:30