diff options
| author | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2022-03-10 10:19:03 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-10 10:19:03 +0300 |
| commit | 4e14cf7607ad3afdbf65272cd5bb61dba4b415da (patch) | |
| tree | 84922c4407920e9b45502afce15730c0da796a88 /hugolib | |
| parent | 5697348e1732a5f64ee7467283eb0335f2ec36e8 (diff) | |
Fail with error when double-rendering text in markdownify/RenderString
This commit prevents the most commons case of infinite recursion in link render hooks when the `linkify` option is enabled (see below). This is always a user error, but getting a `stack overflow` (the current stack limit in Go is 1 GB on 64-bit, 250 MB on 32-bit) error isn't very helpful. This fix will not prevent all such errors, though, but we may do better once #9570 is in place.
So, these will fail:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | markdownify }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | .Page.RenderString }}</a>
```
`.Text` is already rendered to `HTML`. The above needs to be rewritten to:
```
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
<a href="{{ .Destination | safeURL }}" >{{ .Text | safeHTML }}</a>
```
Fixes #8959
Diffstat (limited to 'hugolib')
| -rw-r--r-- | hugolib/page__per_output.go | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/hugolib/page__per_output.go b/hugolib/page__per_output.go index d79b152f3..a7ad2a245 100644 --- a/hugolib/page__per_output.go +++ b/hugolib/page__per_output.go @@ -24,6 +24,7 @@ import ( "unicode/utf8" "github.com/gohugoio/hugo/common/text" + "github.com/gohugoio/hugo/common/types/hstring" "github.com/gohugoio/hugo/identity" "github.com/mitchellh/mapstructure" "github.com/pkg/errors" @@ -351,8 +352,16 @@ func (p *pageContentOutput) RenderString(args ...interface{}) (template.HTML, er } } + contentToRender := args[sidx] + + if _, ok := contentToRender.(hstring.RenderedString); ok { + // This content is already rendered, this is potentially + // a infinite recursion. + return "", errors.New("text is already rendered, repeating it may cause infinite recursion") + } + var err error - s, err = cast.ToStringE(args[sidx]) + s, err = cast.ToStringE(contentToRender) if err != nil { return "", err } @@ -515,7 +524,6 @@ func (p *pageContentOutput) initRenderHooks() error { } } } - if !found1 { if tp == hooks.CodeBlockRendererType { // No user provided tempplate for code blocks, so we use the native Go code version -- which is also faster. |