Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unquoted named parameter in shortcode allows for non-alphanumeric values #13343

Open
guilhas07 opened this issue Feb 4, 2025 · 2 comments
Open

Unquoted named parameter in shortcode allows for non-alphanumeric values #13343

guilhas07 opened this issue Feb 4, 2025 · 2 comments
Labels
Bug NotSure
Milestone
Unscheduled

Comments

@guilhas07
Copy link
Contributor

Problem

Named and unnamed parameters in shortcodes support different characters.

Example

This is currently allowed:

{{< foo param=https://example.ork/foo/?a=b&c=d#bar >}}

This fails with unrecognized character in shortcode action: U+003A ':'. Note: Parameters with non-alphanumeric args must be quoted:

{{< foo https://example.ork/foo/?a=b&c=d#bar >}}

Given the error message, I believe the first example should error with the same message.
I previously opened #13342 which contains the fix for this, let me know if I should reopen it.

What version of Hugo are you using (hugo version)?

$ hugo version
hugo v0.143.1+extended linux/amd64 BuildDate=unknown

Does this issue reproduce with the latest release?

Yes
@guilhas07 guilhas07 mentioned this issue Feb 4, 2025
Closed
@guilhas07 guilhas07 changed the title Unquotted named parameter in shortcode allows for unicode values Unquotted named parameter in shortcode allows for non-alphanumeric values Feb 4, 2025
@bep bep changed the title Unquotted named parameter in shortcode allows for non-alphanumeric values Unquoted named parameter in shortcode allows for non-alphanumeric values Feb 4, 2025
@bep bep added NotSure and removed NeedsTriage labels Feb 4, 2025
@bep
Copy link
Member

bep commented Feb 4, 2025

I previously opened #13342 which contains the fix for this, let me know if I should reopen it.

No, that's not the fix (it would break sites). I'm not sure about this, will think, maybe we just adjust the error message. Will think about it.

@bep bep added this to the Unscheduled milestone Feb 4, 2025
@guilhas07
Copy link
Contributor Author

guilhas07 commented Feb 4, 2025
edited
Loading

I previously opened #13342 which contains the fix for this, let me know if I should reopen it.

No, that's not the fix (it would break sites). I'm not sure about this, will think, maybe we just adjust the error message. Will think about it.

Another option would be to allow both, making this

{{< foo https://example.ork/foo/?a=b&c=d#bar >}}

valid, and instead of consuming until space in the named case, in both situations, consume until an end tag or space is found.
Resulting in the following consistent behaviour:

// Would become valid (Currently fails)
{{< foo param=example>}}

// Already Valid
{{< foo example>}}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug NotSure
Projects
None yet
Milestone
Unscheduled
Development

No branches or pull requests
2 participants
@bep @guilhas07