From 43d83c1312036e026c01dd55a4b70dda4ffcea05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Erik=20Pedersen?= Date: Sat, 25 Feb 2023 16:28:21 +0100 Subject: [PATCH 1/4] Update index.md --- content/en/about/security-model/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/about/security-model/index.md b/content/en/about/security-model/index.md index 66cb15463..d4dacd9bf 100644 --- a/content/en/about/security-model/index.md +++ b/content/en/about/security-model/index.md @@ -57,7 +57,7 @@ For HTML output, this is the core security model: In short: -Templates authors (you) are trusted, but the data you send in is not. +Template and configuration authors (you) are trusted, but the data you send in is not. This is why you sometimes need to use the _safe_ functions, such as `safeHTML`, to avoid escaping of data you know is safe. There is one exception to the above, as noted in the documentation: If you enable inline shortcodes, you also say that the shortcodes and data handling in content files are trusted, as those macros are treated as pure text. It may be worth adding that Hugo is a static site generator with no concept of dynamic user input. From b2a23b6f5d8651d163e8cf3e111ae41541424cfd Mon Sep 17 00:00:00 2001 From: JB Date: Mon, 20 Feb 2023 12:12:50 +0100 Subject: [PATCH 2/4] Mermaid: switch to ESM import --- layouts/partials/hooks/before-body-end.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/layouts/partials/hooks/before-body-end.html b/layouts/partials/hooks/before-body-end.html index fb7ae20ba..dab653508 100644 --- a/layouts/partials/hooks/before-body-end.html +++ b/layouts/partials/hooks/before-body-end.html @@ -1,6 +1,7 @@ {{ if .Page.Store.Get "hasMermaid" }} - - {{ end }} From eddd25ff4633d0b76e9f155e70de065d754aac4f Mon Sep 17 00:00:00 2001 From: JB Date: Mon, 20 Feb 2023 12:15:36 +0100 Subject: [PATCH 3/4] Mermaid: reflect latest docs specifications MermaidJS now specifies to write chart's markdown within a `pre` HTML tag to improve semantics. --- layouts/_default/_markup/render-codeblock-mermaid.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/layouts/_default/_markup/render-codeblock-mermaid.html b/layouts/_default/_markup/render-codeblock-mermaid.html index 59641551c..94ea0cad0 100644 --- a/layouts/_default/_markup/render-codeblock-mermaid.html +++ b/layouts/_default/_markup/render-codeblock-mermaid.html @@ -1,4 +1,4 @@ -
+
   {{- .Inner | safeHTML }}
-
+ {{ .Page.Store.Set "hasMermaid" true }} From 6e32d05910fb9d623ef26b647def10ea0e00cd15 Mon Sep 17 00:00:00 2001 From: Nicolas Lelong Date: Mon, 27 Feb 2023 23:51:36 +0100 Subject: [PATCH 4/4] Update quick-start.md (#1984) Clarify that Windows users are expected to use PowerShell or a Linux shell --- content/en/getting-started/quick-start.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/content/en/getting-started/quick-start.md b/content/en/getting-started/quick-start.md index 824d6030a..d49997570 100644 --- a/content/en/getting-started/quick-start.md +++ b/content/en/getting-started/quick-start.md @@ -34,7 +34,13 @@ You must also be comfortable working from the command line. ### Commands {{% note %}} -If you are a Windows user, you must run these commands with [PowerShell]. You cannot use Windows Powershell, which is a different application, or the Command Prompt. You may also use a Linux shell if available. +**If you are a Windows user:** + +- Do not use the Command Prompt +- Do not use Windows PowerShell +- Run these commands from [PowerShell] or a Linux terminal such as WSL or Git Bash + +PowerShell and Windows PowerShell are different applications. [PowerShell]: https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows {{% /note %}}