From bb8e2232ae6c189125ae1abed70ad41233fc08c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 07:37:11 +0000 Subject: [PATCH 1/9] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.6.2 to 3.6.3. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.6.2...maven-javadoc-plugin-3.6.3) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 423db10..bba0ae8 100644 --- a/pom.xml +++ b/pom.xml @@ -146,7 +146,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.6.2 + 3.6.3 true public From 840a5fd874c201d1470ad20f8c7c6e0f2ac871f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 07:15:17 +0000 Subject: [PATCH 2/9] Bump org.eluder.coveralls:coveralls-maven-plugin from 2.1.0 to 4.3.0 Bumps [org.eluder.coveralls:coveralls-maven-plugin](https://github.com/trautonen/coveralls-maven-plugin) from 2.1.0 to 4.3.0. - [Changelog](https://github.com/trautonen/coveralls-maven-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/trautonen/coveralls-maven-plugin/compare/v2.1.0...v4.3.0) --- updated-dependencies: - dependency-name: org.eluder.coveralls:coveralls-maven-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 423db10..1b354a7 100644 --- a/pom.xml +++ b/pom.xml @@ -174,7 +174,7 @@ org.eluder.coveralls coveralls-maven-plugin - 2.1.0 + 4.3.0 From 3e4a537c0386f163886d76d2b31150fcc6ed874b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 07:15:23 +0000 Subject: [PATCH 3/9] Bump junit:junit from 4.13.1 to 4.13.2 Bumps [junit:junit](https://github.com/junit-team/junit4) from 4.13.1 to 4.13.2. - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](https://github.com/junit-team/junit4/compare/r4.13.1...r4.13.2) --- updated-dependencies: - dependency-name: junit:junit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 423db10..e64932d 100644 --- a/pom.xml +++ b/pom.xml @@ -54,7 +54,7 @@ junit junit - 4.13.1 + 4.13.2 test From 78544cf1ef0a4a761bf6b1f978fe6606a27b7241 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 07:15:28 +0000 Subject: [PATCH 4/9] Bump org.yaml:snakeyaml from 2.0 to 2.2 Bumps [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) from 2.0 to 2.2. - [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.2..snakeyaml-2.0) --- updated-dependencies: - dependency-name: org.yaml:snakeyaml dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 423db10..12d5bb1 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ org.yaml snakeyaml - 2.0 + 2.2 test From c77d7ef3a357003a08ed2406ee7c1f504e5b9152 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 07:02:10 +0000 Subject: [PATCH 5/9] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.2 to 3.2.3 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.2.2...surefire-3.2.3) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 00fef40..1ea9dc4 100644 --- a/pom.xml +++ b/pom.xml @@ -137,7 +137,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.2 + 3.2.3 **/*Test.java From 96aac1a41f62c0490dccb25a37d93c246a6b85e3 Mon Sep 17 00:00:00 2001 From: Adam Gent Date: Tue, 19 Dec 2023 12:57:38 -0500 Subject: [PATCH 6/9] Improve escaping performance --- .../com/samskivert/mustache/Escapers.java | 105 ++++++++++++++++++ .../com/samskivert/mustache/Mustache.java | 13 ++- .../com/samskivert/mustache/Template.java | 8 ++ 3 files changed, 125 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/samskivert/mustache/Escapers.java b/src/main/java/com/samskivert/mustache/Escapers.java index b8a8a1e..ba6e269 100644 --- a/src/main/java/com/samskivert/mustache/Escapers.java +++ b/src/main/java/com/samskivert/mustache/Escapers.java @@ -4,11 +4,17 @@ package com.samskivert.mustache; +import java.io.IOException; +import java.io.UncheckedIOException; + /** * Defines some standard {@link Mustache.Escaper}s. */ public class Escapers { + // TODO for 2.0 this class should be final and have a private constructor but that + // would break semver on the off chance someone did extend it. + /** Escapes HTML entities. */ public static final Mustache.Escaper HTML = simple(new String[][] { { "&", "&" }, @@ -30,6 +36,11 @@ public class Escapers /** Returns an escaper that replaces a list of text sequences with canned replacements. * @param repls a list of {@code (text, replacement)} pairs. */ public static Mustache.Escaper simple (final String[]... repls) { + String[] lookupTable = Lookup7bitEscaper.createTable(repls); + if (lookupTable != null) { + return new Lookup7bitEscaper(lookupTable); + } + // our lookup replacements are not 7 bit ascii. return new Mustache.Escaper() { @Override public String escape (String text) { for (String[] escape : repls) { @@ -39,4 +50,98 @@ public class Escapers } }; } + // This is based on benchmarking: https://github.com/jstachio/escape-benchmark + private static class Lookup7bitEscaper implements Mustache.Escaper { + /* + * This only works for replacing the lower 7 bit ascii + * characters + */ + private final String[] lookupTable; + + private Lookup7bitEscaper( + String[] lookupTable) { + super(); + this.lookupTable = lookupTable; + } + + static /* @Nullable */ String[] createTable (String[][] mappings) { + String[] table = new String[128]; + for (String[] entry : mappings) { + String key = entry[0]; + String value = entry[1]; + if (key.length() != 1) { + return null; + } + char k = key.charAt(0); + if (k > 127) { + return null; + } + table[k] = value; + } + return table; + } + + @Override + public void escape (Appendable a, CharSequence raw) throws IOException { + int end = raw.length(); + for (int i = 0, start = 0; i < end; i++) { + char c = raw.charAt(i); + String found = escapeChar(lookupTable, c); + /* + * While this could be done with one loop it appears through + * benchmarking that by having the first loop assume the string + * to be not changed creates a fast path for strings with no escaping needed. + */ + if (found != null) { + a.append(raw, 0, i); + a.append(found); + start = i = i + 1; + for (; i < end; i++) { + c = raw.charAt(i); + found = escapeChar(lookupTable, c); + if (found != null) { + a.append(raw, start, i); + a.append(found); + start = i + 1; + } + } + a.append(raw, start, end); + return; + } + } + a.append(raw); + } + + private static /* @Nullable */ String escapeChar (String[] lookupTable, char c) { + if (c > 127) { + return null; + } + return lookupTable[c]; + } + + @Override + public String escape (String raw) { + StringBuilder sb = new StringBuilder(raw.length()); + try { + escape(sb, raw); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + return sb.toString(); + } + + @Override + public String toString () { + StringBuilder sb = new StringBuilder(); + sb.append("Escaper["); + for(char i = 0; i < lookupTable.length; i++) { + String value = lookupTable[i]; + if (value != null) { + sb.append("{'").append(i).append("', '").append(value).append("'},"); + } + } + sb.append("]"); + return sb.toString(); + } + } } diff --git a/src/main/java/com/samskivert/mustache/Mustache.java b/src/main/java/com/samskivert/mustache/Mustache.java index 19bf531..e79931f 100644 --- a/src/main/java/com/samskivert/mustache/Mustache.java +++ b/src/main/java/com/samskivert/mustache/Mustache.java @@ -317,6 +317,17 @@ public class Mustache { default CharSequence escape (CharSequence raw) { return escape(raw.toString()); } + + /** + * Escapes the raw characters with escape sequeneces if needed and appends to the appendable. + * The default implementation calls {@link #escape(CharSequence)}. + * @param a the stream like to append to. + * @param raw input string. + * @throws IOException if an error happens while writing to the appendable. + */ + default void escape (Appendable a, CharSequence raw) throws IOException { + a.append(escape(raw)); + } } /** Handles loading partial templates. */ @@ -1317,7 +1328,7 @@ public class Mustache { "No key, method or field with name '" + _name + "' on line " + _line; throw new MustacheException.Context(msg, _name, _line); } - write(out, _escaper.escape(_formatter.format(value))); + escape(out, _formatter.format(value), _escaper); } @Override public void decompile (Delims delims, StringBuilder into) { delims.addTag(' ', _name, into); diff --git a/src/main/java/com/samskivert/mustache/Template.java b/src/main/java/com/samskivert/mustache/Template.java index 393ed72..acb5d4d 100644 --- a/src/main/java/com/samskivert/mustache/Template.java +++ b/src/main/java/com/samskivert/mustache/Template.java @@ -433,6 +433,14 @@ public class Template { throw new MustacheException(ioe); } } + + protected static void escape (Appendable out, CharSequence data, Mustache.Escaper escape) { + try { + escape.escape(out, data); + } catch (IOException ioe) { + throw new MustacheException(ioe); + } + } } /** Used to cache variable fetchers for a given context class, name combination. */ From c15c60b675fc22bf7bee9a2d4c78a1edc786327f Mon Sep 17 00:00:00 2001 From: Adam Gent Date: Fri, 22 Dec 2023 14:07:38 -0500 Subject: [PATCH 7/9] Make the build reproducible --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index 1ea9dc4..21541ea 100644 --- a/pom.xml +++ b/pom.xml @@ -48,6 +48,8 @@ 1.9 UTF-8 + + 2023-01-01T00:00:00Z From 82d61e9c02b8675636f4652e02432c2ab4921b13 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Dec 2023 07:06:05 +0000 Subject: [PATCH 8/9] Bump org.apache.maven.plugins:maven-compiler-plugin Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.11.0 to 3.12.1. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.11.0...maven-compiler-plugin-3.12.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1ea9dc4..1415716 100644 --- a/pom.xml +++ b/pom.xml @@ -70,7 +70,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.11.0 + 3.12.1 ${source.level} ${source.level} From f4997f486b3a34e589edaf7171f700eb8e872216 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jan 2024 07:01:12 +0000 Subject: [PATCH 9/9] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.3 to 3.2.5 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.2.3 to 3.2.5. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.2.3...surefire-3.2.5) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9397cea..c532ae3 100644 --- a/pom.xml +++ b/pom.xml @@ -139,7 +139,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.3 + 3.2.5 **/*Test.java