mirror of
https://github.com/gohugoio/hugo.git
synced 2025-08-18 21:11:19 +02:00
Merge commit '5be51ac3db225d5df501ed1fa1499c41d97dbf65'
@@ -1,16 +1,9 @@
---
title: About Hugo
linktitle: About
linkTitle: About
description: Learn about Hugo and its features, privacy protections, and security model.
categories: []
keywords: []
menu:
docs:
identifier: about-hugo-in-this-section
parent: about
weight: 10
weight: 10
aliases: [/about-hugo/,/docs/]
---

Learn about Hugo and its features, privacy protections, and security model.
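Review bot: the body line `Learn about Hugo and its features, privacy protections, and security model.` is a verbatim copy of the `description` front-matter value, so the page text adds nothing its summary does not already say; either give the body real content or drop it and let the list template render the description. The `linktitle` to `linkTitle` rename matches the documented key name, and replacing the `menu.docs` block with a top-level `weight: 10` is consistent with the other about pages in this commit.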
@@ -1,14 +1,9 @@
---
title: Features
description: Hugo's rich and powerful feature set provides the framework and tools to create static sites that build in seconds, often less.
categories: [about]
categories: []
keywords: []
menu:
docs:
parent: about
weight: 30
weight: 30
toc: true
weight: 20
---

## Framework
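Review bot: `toc: true` is dropped together with the `menu.docs` block and `categories: [about]` becomes `categories: []`; this page has several `##` sections (`## Framework`, `## Content management`, `## Asset pipelines` appear in the later hunks), so confirm the new layout renders a table of contents without the flag, otherwise readers lose in-page navigation on one of the longer docs pages.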
@@ -61,7 +56,7 @@ toc: true
: Syntactically highlight code examples using Hugo's embedded syntax highlighter, enabled by default for fenced code blocks in Markdown. The syntax highlighter supports hundreds of code languages and dozens of styles.

[Shortcodes]
: Use Hugo's embedded shortcodes, or create your own, to insert complex content. For example, use shortcodes to include `audio` and `video` elements, render tables from local or remote data sources, insert snippets from other pages, and more.
: Use Hugo's embedded shortcodes, or create your own, to insert complex content. For example, use shortcodes to include `audio` and `video` elements, render tables from local or remote data sources, insert snippets from other pages, and more.

## Content management

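Review bot: the old and new `[Shortcodes]` definition lines are identical in this rendering, so the only difference can be whitespace or a non-printing character; confirm that is an intentional cleanup (for example trailing whitespace removal) rather than an accidental edit, since the `-61,7 +56,7` offsets show the line shift comes entirely from the front-matter lines removed above.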
@@ -83,7 +78,7 @@ toc: true
## Asset pipelines

[Image processing]
: Convert, resize, crop, rotate, adjust colors, apply filters, overlay text and images, and extract EXIF data.
: Convert, resize, crop, rotate, adjust colors, apply filters, overlay text and images, and extract EXIF data.

[JavaScript bundling]
: Transpile TypeScript and JSX to JavaScript, bundle, tree shake, minify, create source maps, and perform SRI hashing.
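Review bot: the `[Image processing]` definition line reads the same before and after, so this hunk is a whitespace-only or invisible-character change; if the intent is to normalize line endings or trailing spaces, say so in the commit message so the next reader does not hunt for a content difference that is not there.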
@@ -107,18 +102,18 @@ toc: true

[Multilingual]: /content-management/multilingual/
[Multiplatform]: /installation/
[Output formats]: /templates/output-formats/
[Output formats]: /configuration/output-formats/
[Templates]: /templates/introduction/
[Themes]: https://themes.gohugo.io/
[Modules]: /hugo-modules/
[Privacy]: /about/privacy/
[Privacy]: /configuration/privacy/
[Security]: /about/security/

[Content formats]: /content-management/formats/
[CommonMark]: https://spec.commonmark.org/current/
[GitHub Flavored Markdown]: https://github.github.com/gfm/
[Markdown attributes]: /content-management/markdown-attributes/
[Markdown extensions]: /getting-started/configuration-markup/#goldmark-extensions
[Markdown extensions]: /configuration/markup/#extensions
[Markdown render hooks]: /render-hooks/introduction/
[Diagrams]: /content-management/diagrams/
[Mathematics]: /content-management/mathematics/
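Review bot: `[Markdown extensions]` changes both the path and the fragment (`/getting-started/configuration-markup/#goldmark-extensions` to `/configuration/markup/#extensions`), so verify the `#extensions` heading actually exists on the new page; a wrong fragment fails silently and just lands the reader at the top. Repointing `[Privacy]` at `/configuration/privacy/` while `[Security]` stays at `/about/security/` is consistent with the privacy page being deleted elsewhere in this commit, but the old `/about/privacy/` URL then needs an alias on the new page or inbound links to it break.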
@@ -137,5 +132,5 @@ toc: true
[Tailwind CSS processing]: /functions/css/tailwindcss/

[Caching]: /functions/partials/includecached/
[Segmentation]: /getting-started/configuration/#configure-segments
[Minification]: /getting-started/configuration/#configure-minify
[Segmentation]: /configuration/segments/
[Minification]: /configuration/minify/
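Review bot: `[Segmentation]` and `[Minification]` move from anchors on `/getting-started/configuration/` to dedicated pages, which is cleaner, but no file creating `/configuration/segments/` or `/configuration/minify/` appears in this diff; confirm both pages exist in this commit so the two links do not go dead.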
@@ -1,14 +1,9 @@
---
title: Introduction
description: Hugo is a static site generator written in Go, optimized for speed and designed for flexibility.
categories: [about]
description: Hugo is a static site generator written in Go, optimized for speed and designed for flexibility.
categories: []
keywords: []
menu:
docs:
identifier: about-introduction
parent: about
weight: 20
weight: 20
weight: 10
aliases: [/about/what-is-hugo/,/about/benefits/]
---

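Review bot: removing `identifier: about-introduction` along with the `menu.docs` block is only safe if no other page's menu entry uses `parent: about-introduction`; grep the docs for that identifier before merging. The `description` line shows up unchanged in both versions here, so that part of the hunk is a whitespace-only change, and `weight` drops from 20 to 10 to make Introduction the first page in the section.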
@@ -32,8 +27,8 @@ Learn more about Hugo's [features], [privacy protections], and [security model].
[Go]: https://go.dev
[Hugo Modules]: /hugo-modules/
[static site generator]: https://en.wikipedia.org/wiki/Static_site_generator
[features]: /about/features
[security model]: /about/security
[privacy protections]: /about/privacy
[features]: /about/features/
[security model]: about/security/
[privacy protections]: /configuration/privacy

{{< youtube 0RKpf3rK57I >}}
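Review bot: `[security model]: about/security/` has lost its leading slash, so it is now a relative URL and resolves against the current page's path instead of the site root; restore `/about/security/`. While touching these lines, `[privacy protections]: /configuration/privacy` lacks the trailing slash that `[features]: /about/features/` in the same hunk uses; pick one form for all three definitions.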
@@ -1,18 +1,13 @@
---
title: License
description: Hugo is released under the Apache 2.0 license.
categories: [about]
keywords: [apache]
menu:
docs:
parent: about
weight: 60
weight: 60
categories: []
keywords: []
weight: 40
---

## Apache License


_Version 2.0, January 2004_
_<http://www.apache.org/licenses/>_

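Review bot: `keywords: [apache]` becomes `keywords: []`, so the license page loses its one search keyword; if front-matter keywords still feed the docs search, keep `apache`. The `menu.docs` removal and the `weight: 60` to `weight: 40` change match the other about pages in this commit.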
@@ -1,52 +0,0 @@
---
title: Privacy
linkTitle: Privacy
description: Configure your site to help comply with regional privacy regulations.
categories: [about]
keywords: ["GDPR", "Privacy", "Data Protection"]
menu:
docs:
parent: about
weight: 40
weight: 40
toc: true
aliases: [/gdpr/,/about/hugo-and-gdpr/]
toc: true
---

## Responsibility

Site authors are responsible for ensuring compliance with regional privacy regulations, including but not limited to:

- GDPR (General Data Protection Regulation): Applies to individuals within the European Union and the European Economic Area.
- CCPA (California Consumer Privacy Act): Applies to California residents.
- CPRA (California Privacy Rights Act): Expands upon the CCPA with stronger consumer privacy protections.
- Virginia Consumer Data Protection Act (CDPA): Applies to businesses that collect, process, or sell the personal data of Virginia residents.

Hugo's privacy settings can assist in compliance efforts.

## Embedded templates

Hugo provides [embedded templates](g) to simplify site and content creation. Some of these templates interact with external services. For example, the `youtube` shortcode connects with YouTube's servers to embed videos on your site.

Some of these templates include settings to enhance privacy.


## Configuration

{{% note %}}
These settings affect the behavior of some of Hugo's embedded templates. These settings may or may not affect the behavior of templates provided by third parties in their modules or themes.
{{% /note %}}

These are the default privacy settings for Hugo's embedded templates:

{{< code-toggle config=privacy />}}

See each template's documentation for a description of its privacy settings:

- [Disqus partial](/templates/embedded/#privacy-disqus)
- [Google Analytics partial](/templates/embedded/#privacy-google-analytics)
- [Instagram shortcode](/shortcodes/instagram/#privacy)
- [Vimeo shortcode](/shortcodes/vimeo/#privacy)
- [X shortcode](/shortcodes/x/#privacy)
- [YouTube shortcode](/shortcodes/youtube/#privacy)
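Review bot: deleting this file also deletes its `aliases: [/gdpr/,/about/hugo-and-gdpr/]` and the `/about/privacy/` URL itself, so three previously valid paths stop redirecting and any external link or bookmark to them will 404. The link-reference hunk earlier in this diff repoints `[Privacy]` at `/configuration/privacy/`; that page should carry `aliases` for `/about/privacy/`, `/gdpr/` and `/about/hugo-and-gdpr/`, and the `{{< code-toggle config=privacy />}}` defaults listing plus the six per-template privacy links (Disqus, Google Analytics, Instagram, Vimeo, X, YouTube) should survive there, since nothing in this diff shows them being moved rather than dropped.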
@@ -2,71 +2,57 @@
title: Security model
linkTitle: Security
description: A summary of Hugo's security model.
categories: [about]
keywords: [security,privacy]
menu:
docs:
parent: about
weight: 50
weight: 50
toc: true
categories: []
keywords: []
weight: 30
aliases: [/about/security-model/]
---

## Runtime security

Hugo produces static output, so once built, the runtime is the browser (assuming the output is HTML) and any server (API) that you integrate with.
Hugo generates static websites, meaning the final output runs directly in the browser and interacts with any integrated APIs. However, during development and site building, the `hugo` executable itself is the runtime environment.

But when developing and building your site, the runtime is the `hugo` executable. Securing a runtime can be [a real challenge](https://blog.logrocket.com/how-to-protect-your-node-js-applications-from-malicious-dependencies-5f2e60ea08f9/).
Securing a runtime is a complex task. Hugo addresses this through a robust sandboxing approach and a strict security policy with default protections. Key features include:

**Hugo's main approach is that of sandboxing and a security policy with strict defaults:**
- Virtual file system: Hugo employs a virtual file system, limiting file access. Only the main project, not external components, can access files or directories outside the project root.
- Read-Only access: User-defined components have read-only access to the file system, preventing unintended modifications.
- Controlled external binaries: While Hugo utilizes external binaries for features like Asciidoctor support, these are strictly predefined with specific flags and are disabled by default. The [security policy] details these limitations.
- No arbitrary commands: To mitigate risks, Hugo intentionally avoids implementing general functions that would allow users to execute arbitrary operating system commands.

* Hugo has a virtual file system and only the main project (not third-party components) is allowed to mount directories or files outside the project root.
* User-defined components have read-only access to the filesystem.
* We shell out to some external binaries to support [Asciidoctor](/content-management/formats/#formats) and similar, but those binaries and their flags are predefined and disabled by default (see [Security Policy](#security-policy)). General functions to run arbitrary external OS commands have been [discussed](https://github.com/gohugoio/hugo/issues/796), but not implemented because of security concerns.
This combination of sandboxing and strict defaults effectively minimizes potential security vulnerabilities during the Hugo build process.

## Security policy

Hugo has a built-in security policy that restricts access to [os/exec](https://pkg.go.dev/os/exec), remote communication and similar.

The default configuration is listed below. Any build using features not in the allow list of the security policy will fail with a detailed message about what needs to be done. Most of these settings are allow lists (string or slice, [Regular Expressions](https://pkg.go.dev/regexp) or `none` which matches nothing).

{{< code-toggle config=security />}}

By default, Hugo permits the [`resources.GetRemote`] function to download files with media types corresponding to an internal allow list. To add media types to the allow list:

[`resources.GetRemote`]: /functions/resources/getremote

{{< code-toggle file=hugo >}}
[security.http]
mediaTypes = ['^image/avif$']
{{< /code-toggle >}}

Note that these and other configuration settings in Hugo can be overridden by the OS environment. For example, if you want to block all remote HTTP fetching of data:

```txt
HUGO_SECURITY_HTTP_URLS=none hugo
```
[security policy]: /configuration/security/

## Dependency security

Hugo is built as a static binary using [Go Modules](https://github.com/golang/go/wiki/Modules) to manage its dependencies. Go Modules have several safeguards, one of them being the `go.sum` file. This is a database of the expected cryptographic checksums of all of your dependencies, including transitive dependencies.
Hugo utilizes [Go Modules] to manage its dependencies, compiling as a static binary. Go Modules create a `go.sum` file, a critical security feature. This file acts as a database, storing the expected cryptographic checksums of all dependencies, including those required indirectly (transitive dependencies).

[Hugo Modules](/hugo-modules/) is a feature built on top of the functionality of Go Modules. Like Go Modules, a Hugo project using Hugo Modules will have a `go.sum` file. We recommend that you commit this file to your version control system. The Hugo build will fail if there is a checksum mismatch, which would be an indication of [dependency tampering](https://julienrenaux.fr/2019/12/20/github-actions-security-risk/).
[Hugo Modules], which extend Go Modules' functionality, also produce a `go.sum` file. To ensure dependency integrity, commit this `go.sum` file to your version control. If Hugo detects a checksum mismatch during the build process, it will fail, indicating a possible attempt to [tamper with your project's dependencies].

[Go Modules]: https://go.dev/wiki/Modules#modules
[Hugo Modules]: /hugo-modules/
[tamper with your project's dependencies]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/

## Web application security

These are the security threats as defined by [OWASP](https://en.wikipedia.org/wiki/OWASP).
Hugo's security philosophy is rooted in established security standards, primarily aligning with the threats defined by [OWASP]. For HTML output, Hugo operates under a clear trust model. This model assumes that template and configuration authors, the developers, are trustworthy. However, the data supplied to these templates is inherently considered untrusted. This distinction is crucial for understanding how Hugo handles potential security risks.

For HTML output, this is the core security model:
[OWASP]: https://en.wikipedia.org/wiki/OWASP

<https://pkg.go.dev/html/template#hdr-Security_Model>
To prevent unintended escaping of data that developers know is safe, Hugo provides [`safe`] functions, such as [`safeHTML`]. These functions allow developers to explicitly mark data as trusted, bypassing the default escaping mechanisms. This is essential for scenarios where data is generated or sourced from reliable sources. However, an exception exists: enabling [inline shortcodes]. By activating this feature, you are implicitly trusting the logic within the shortcodes and the data contained within your content files.

In short:
[`safeHTML`]: /functions/safe/html/
[inline shortcodes]: /content-management/shortcodes/#inline

Template and configuration authors (you) are trusted, but the data you send in is not.
This is why you sometimes need to use the _safe_ functions, such as `safeHTML`, to avoid escaping of data you know is safe.
There is one exception to the above, as noted in the documentation: If you enable inline shortcodes, you also say that the shortcodes and data handling in content files are trusted, as those macros are treated as pure text.
It may be worth adding that Hugo is a static site generator with no concept of dynamic user input.
It's vital to remember that Hugo is a static site generator. This architectural choice significantly reduces the attack surface by eliminating the complexities and vulnerabilities associated with dynamic user input. Unlike dynamic websites, Hugo generates static HTML files, minimizing the risk of real-time attacks. Regarding content, Hugo's default Markdown renderer is [configured to sanitize] potentially unsafe content. This default behavior ensures that potentially malicious code or scripts are removed or escaped. However, this setting can be reconfigured if you have a high degree of confidence in the safety of your content sources.

For content, the default Markdown renderer is [configured](/getting-started/configuration-markup) to remove or escape potentially unsafe content. This behavior can be reconfigured if you trust your content.
[configured to sanitize]: /configuration/markup/#rendererunsafe

In essence, Hugo prioritizes secure output by establishing a clear trust boundary between developers and data. By default, it errs on the side of caution, sanitizing potentially unsafe content and escaping data. Developers have the flexibility to adjust these defaults through [`safe`] functions and [configuration options], but they must do so with a clear understanding of the security implications. Hugo's static site generation model further strengthens its security posture by minimizing dynamic vulnerabilities.

[`safe`]: /functions/safe
[configuration options]: /configuration/security

## Configuration

See [configure security](/configuration/security/).
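Review bot: the new virtual-file-system bullet ("Only the main project, not external components, can access files or directories outside the project root") is less precise than the sentence it replaces ("only the main project ... is allowed to mount directories or files outside the project root"); the restriction is on what may be mounted into the virtual file system, not on every file access, so keep "mount" in the rewrite. Two of the added summary sentences also overstate the guarantee: "effectively minimizes potential security vulnerabilities during the Hugo build process" and "eliminating the complexities and vulnerabilities associated with dynamic user input" read as marketing, and the second sits in a section that says the output "interacts with any integrated APIs", which do handle user input at runtime; the old "no concept of dynamic user input" (at build time) is the defensible claim, and "minimizing the risk of real-time attacks" is undefined and should go. Finally, the reference definitions in this hunk mix trailing-slash and no-trailing-slash targets (`/functions/safe` and `/configuration/security` versus `/functions/safe/html/` and `/configuration/security/`); normalize them.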