mirror/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2025-08-18 21:11:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow whitelisting mediaTypes used in resources.GetRemote

Browse Source 
Fixes #10286
This commit is contained in:
Bjørn Erik Pedersen
2023-05-20 17:37:04 +02:00
parent 7c7baa6183
commit 2637b4ef4d
5 changed files with 41 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
hugolib/securitypolicies_test.go
View File

@@ -138,9 +138,9 @@ func TestSecurityPolicies(t *testing.T) {
}
cb := func(b *sitesBuilder) {
b.WithConfigFile("toml", `
[security]
[security.exec]
allow="none"
[security]
[security.exec]
allow="none"
`)
b.WithTemplatesAdded("index.html", `{{ $scss := "body { color: #333; }" | resources.FromString "foo.scss" | resources.ToCSS (dict "transpiler" "dartsass") }}`)
@@ -166,6 +166,28 @@ func TestSecurityPolicies(t *testing.T) {
[security]
[security.http]
urls="none"
`)
})
})
c.Run("resources.GetRemote, fake JSON", func(c *qt.C) {
c.Parallel()
httpTestVariant(c, `{{ $json := resources.GetRemote "%[1]s/fakejson.json" }}{{ $json.Content }}`, `(?s).*failed to resolve media type.*`,
func(b *sitesBuilder) {
b.WithConfigFile("toml", `
`)
})
})
c.Run("resources.GetRemote, fake JSON whitelisted", func(c *qt.C) {
c.Parallel()
httpTestVariant(c, `{{ $json := resources.GetRemote "%[1]s/fakejson.json" }}{{ $json.Content }}`, ``,
func(b *sitesBuilder) {
b.WithConfigFile("toml", `
[security]
[security.http]
mediaTypes=["application/json"]
`)
})
})