mirror/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2025-08-19 21:21:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit '6efb279bfacbd7304cef994be8181c6f804e7dd4'

Browse Source
This commit is contained in:
Bjørn Erik Pedersen
2024-02-07 20:46:41 +01:00
parent 301bafabe0 6efb279bfa
commit b8d5090452
29 changed files with 435 additions and 569 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/content/en/functions/math/Add.md
View File

@@ -22,3 +22,9 @@ If one of the numbers is a [`float`], the result is a `float`.
```
[`float`]: /getting-started/glossary/#float
You can also use the `add` function to concatenate strings.
```go-html-template
{{ add "hu" "go" }} → hugo
```

2
docs/content/en/functions/os/ReadDir.md
View File

@@ -47,5 +47,3 @@ news → true
Note that `os.ReadDir` is not recursive.
Details of the `FileInfo` structure are available in the [Go documentation](https://pkg.go.dev/io/fs#FileInfo).
For more information on using `readDir` and `readFile` in your templates, see [Local File Templates](/templates/files).

2
docs/content/en/functions/os/ReadFile.md
View File

@@ -36,5 +36,3 @@ This is **bold** text.
```
Note that `os.ReadFile` returns raw (uninterpreted) content.
For more information on using `readDir` and `readFile` in your templates, see [Local File Templates](/templates/files).

38
docs/content/en/functions/resources/GetRemote.md
View File

@@ -175,3 +175,41 @@ Override the cache key by setting a `key` in the options map. Use this approach
```
[configure file caches]: /getting-started/configuration/#configure-file-caches
## Security
To protect against malicious intent, the `resources.GetRemote` function inspects the server response including:
- The [Content-Type] in the response header
- The file extension, if any
- The content itself
If Hugo is unable to resolve the media type to an entry in its [allowlist], the function throws an error:
```text
ERROR error calling resources.GetRemote: failed to resolve media type...
```
For example, you will see the error above if you attempt to download an executable.
Although the allowlist contains entries for common media types, you may encounter situations where Hugo is unable to resolve the media type of a file that you know to be safe. In these situations, edit your site configuration to add the media type to the allowlist. For example:
```text
[security.http]
mediaTypes=['application/vnd\.api\+json']
```
Note that the entry above is:
- An _addition_ to the allowlist; it does not _replace_ the allowlist
- An array of regular expressions
For example, to add two entries to the allowlist:
```text
[security.http]
mediaTypes=['application/vnd\.api\+json','image/avif']
```
[allowlist]: https://en.wikipedia.org/wiki/Whitelist
[Content-Type]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type