Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

In nested range the map key and value become are inverted. #11112

Closed
zhengchun opened this issue Jun 14, 2023 · 7 comments · Fixed by #11114
Closed

In nested range the map key and value become are inverted. #11112

zhengchun opened this issue Jun 14, 2023 · 7 comments · Fixed by #11114

Comments

@zhengchun
Copy link

I upgraded my hugo from v0.99 to v0.113 yesterday, I get a strange output from range $key, $value = range . , the value of $key is output as $value, and the value of $value is output as $key.

The full source code from https://github.com/fastbootstrap/atlassian-design-for-bootstrap/blob/main/site/layouts/shortcodes/class-api.html

      {{ range index .Site.Data.css $module }}
        {{ $properties := .property }}
        {{ $values := .values }}
        {{ $prefix := .class | default .property }}
        {{ $format := .format | default "%s-%s" }}
        {{ range $values }}
          {{ $key := . }}
          {{ $value := . }}
          {{ if reflect.IsMap . }}
            {{ range $key, $value = . }}  **WARNING: here, key and value is inverted **
            {{ end }}
          {{ end }}
          {{ $class :=trim (printf $format $prefix (string $key)) "-" }}
          {{ $styles := slice }}
          {{ range split $properties " " }}
            {{ $property := trim . "" }}
            {{ $styles = $styles | append ( printf "%s: %s;" $property (string $value)) }}
          {{ end }}
          <tr>
            <td class="text-blue-400 text-nowrap"><code>{{ printf ".%s" $class }}</code></td>
            <td class="text-purple-300">{{ delimit $styles "<br/>" }}</td>           
          </tr>
        {{ end }}
      {{ end }}

The warning output from {{ range $key, $value = . }}

          {{ if reflect.IsMap . }}
            {{ range $key, $value = . }}  **WARNING: here, key and value are inverted **
            {{ end }}
          {{ end }}

The normal output from Hugo v0.99

Class Property
.border-0 border-width: 0;
.border-1 border-width: 1px;
.border-2 border-width: 2px;
.border-3 border-width: 3px;
.border-4 border-width: 4px;
.border-5 border-width: 5px;

Since upgrade to Hugo v0.113, The output value key become value, value become key.

Class Property
.border-0 border-width: 0;
.border-1px border-width: 1;
.border-2px border-width: 2;
.border-3px border-width: 3;
.border-4px border-width: 4;
.border-5px border-width: 5;

Data from https://github.com/fastbootstrap/atlassian-design-for-bootstrap/blob/main/site/data/css.yml

border-width:
  - property: border-width
    class: border
    values:
      - 0
      - 1: 1px
      - 2: 2px
      - 3: 3px
      - 4: 4px
      - 5: 5px

What version of Hugo are you using (hugo version)?

$ hugo version
hugo v0.113.0-085c1b3d614e23d218ebf9daad909deaa2390c9a+extended windows/amd64 BuildDate=2023-06-05T15:04:51Z VendorInfo=gohugoio

Does this issue reproduce with the latest release?

Yes

@bep
Copy link
Member

bep commented Jun 14, 2023

I have not looked closely at your templates, but this issue rings a bell:

golang/go#56490

@jmooring
Copy link
Member

jmooring commented Jun 14, 2023

Verified. The problem was introduced in v0.106.0, where we merged the changes from golang/go@be7068f. So, upstream fixed one thing but broke another.

@jmooring
Copy link
Member

jmooring commented Jun 14, 2023

To reproduce:

{{ $m := dict "key" "value" }}
{{ $k := "" }}
{{ $v := "" }}
{{ range $k, $v = $m }}
  {{ $k }} = {{ $v }}    --> "value = key"
{{ end }}

OR 

{{ $s := slice "value" }}
{{ $k := "" }}
{{ $v := "" }}
{{ range $k, $v = $s }}
  {{ $k }} = {{ $v }}    --> "value = 0"
{{ end }}

@jmooring
Copy link
Member

jmooring commented Jun 14, 2023

@bep bep modified the milestones: v0.115.0, v0.114.0 Jun 15, 2023
@bep
Copy link
Member

bep commented Jun 15, 2023

I'm guessing they will merge that one fast, so I will hold on with any release until I can get that one into Hugo.

@jmooring
Copy link
Member

golang/go@befec5d

bep added a commit to bep/hugo that referenced this issue Jun 15, 2023
The template packages are based on go1.20.5 with the patch in 15d330e1aa7dea2a9ff981ec8130aeb06da900a1 added.

Fixes gohugoio#11112
bep added a commit to bep/hugo that referenced this issue Jun 15, 2023
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

Fixes gohugoio#11112
bep added a commit to bep/hugo that referenced this issue Jun 15, 2023
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

Fixes gohugoio#11112
bep added a commit to bep/hugo that referenced this issue Jun 15, 2023
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

This also includes a security fix that now disallows Go template actions in JS literals (inside backticks).

This will throw an error saying "... appears in a JS template literal".

If you're really sure this isn't a security risk in your case, you can revert to the old behaviour:

```toml
[security]
[security.gotemplates]
allowActionJSTmpl = true
```

See golang/go#59234

Fixes gohugoio#11112
bep added a commit to bep/hugo that referenced this issue Jun 15, 2023
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

This also includes a security fix that now disallows Go template actions in JS literals (inside backticks).

This will throw an error saying "... appears in a JS template literal".

If you're really sure this isn't a security risk in your case, you can revert to the old behaviour:

```toml
[security]
[security.gotemplates]
allowActionJSTmpl = true
```

See golang/go#59234

Fixes gohugoio#11112
bep added a commit to bep/hugo that referenced this issue Jun 15, 2023
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

This also includes a security fix that now disallows Go template actions in JS literals (inside backticks).

This will throw an error saying "... appears in a JS template literal".

If you're really sure this isn't a security risk in your case, you can revert to the old behaviour:

```toml
[security]
[security.gotemplates]
allowActionJSTmpl = true
```

See golang/go#59234

Fixes gohugoio#11112
bep added a commit that referenced this issue Jun 15, 2023
The template packages are based on go1.20.5 with the patch in befec5ddbbfbd81ec84e74e15a38044d67f8785b  added.

This also includes a security fix that now disallows Go template actions in JS literals (inside backticks).

This will throw an error saying "... appears in a JS template literal".

If you're really sure this isn't a security risk in your case, you can revert to the old behaviour:

```toml
[security]
[security.gotemplates]
allowActionJSTmpl = true
```

See golang/go#59234

Fixes #11112
@github-actions
Copy link

github-actions bot commented Jul 7, 2023

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants