Upgrade to v2 of the Dart Sass Embedded Protocol

Fixes #11059

2 files changed, 4 insertions, 4 deletions

diff --git a/config/security/securityConfig.go b/config/security/securityConfig.go
index f7d2beac8..8bd12af4b 100644
--- a/config/security/securityConfig.go
+++ b/config/security/securityConfig.go
@@ -35,9 +35,9 @@ const securityConfigKey = "security"
 var DefaultConfig = Config{
 	Exec: Exec{
 		Allow: NewWhitelist(
-			"^dart-sass-embedded$",
-			"^go$",  // for Go Modules
-			"^npx$", // used by all Node tools (Babel, PostCSS).
+			"^(dart-)?sass(-embedded)?$", // sass, dart-sass, dart-sass-embedded.
+			"^go$",                       // for Go Modules
+			"^npx$",                      // used by all Node tools (Babel, PostCSS).
 			"^postcss$",
 		),
 		// These have been tested to work with Hugo's external programs
diff --git a/config/security/securityConfig_test.go b/config/security/securityConfig_test.go
index edc1737e3..3bfd59ce3 100644
--- a/config/security/securityConfig_test.go
+++ b/config/security/securityConfig_test.go
@@ -140,7 +140,7 @@ func TestToTOML(t *testing.T) {
 	got := DefaultConfig.ToTOML()
 
 	c.Assert(got, qt.Equals,
-		"[security]\n  enableInlineShortcodes = false\n\n  [security.exec]\n    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']\n    osEnv = ['(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\\w+)$']\n\n  [security.funcs]\n    getenv = ['^HUGO_', '^CI$']\n\n  [security.http]\n    methods = ['(?i)GET|POST']\n    urls = ['.*']",
+		"[security]\n  enableInlineShortcodes = false\n\n  [security.exec]\n    allow = ['^(dart-)?sass(-embedded)?$', '^go$', '^npx$', '^postcss$']\n    osEnv = ['(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\\w+)$']\n\n  [security.funcs]\n    getenv = ['^HUGO_', '^CI$']\n\n  [security.http]\n    methods = ['(?i)GET|POST']\n    urls = ['.*']",
 	)
 }