diff options
Diffstat (limited to 'config/security/securityConfig.go')
| -rw-r--r-- | config/security/securityConfig.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/config/security/securityConfig.go b/config/security/securityConfig.go index 8bd12af4b..5d0db2fb9 100644 --- a/config/security/securityConfig.go +++ b/config/security/securityConfig.go @@ -68,6 +68,9 @@ type Config struct { // Allow inline shortcodes EnableInlineShortcodes bool `json:"enableInlineShortcodes"` + + // Go templates related security config. + GoTemplates GoTemplates `json:"goTemplates"` } // Exec holds os/exec policies. @@ -93,6 +96,15 @@ type HTTP struct { MediaTypes Whitelist `json:"mediaTypes"` } +type GoTemplates struct { + + // Enable to allow template actions inside bakcticks in ES6 template literals. + // This was blocked in Hugo 0.114.0 for security reasons and you now get errors on the form + // "... appears in a JS template literal" if you have this in your templates. + // See https://github.com/golang/go/issues/59234 + AllowActionJSTmpl bool +} + // ToTOML converts c to TOML with [security] as the root. func (c Config) ToTOML() string { sec := c.ToSecurityMap() |