Skip to content

change hugo version safe #19905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

change hugo version safe #19905

wants to merge 1 commit into from

Conversation

jimangel
Copy link
Member

@jimangel jimangel commented Mar 27, 2020
edited
Loading

Ref: #19028

This is removing blackfriday params and using the default (no inline HTML). I also removed the offending user-guide-migration-notice.md files.

I will open another PR with some of the recommendations for comparison.

Details captured from #19028 (comment):

@zacharysarah I was playing around with updating the site to Hugo 67.0 and discovered a few (related) bugs.

The feature-state partial template not loading properly is because Hugo v0.60.0+ disables inline HTML in >markdown.>

See this Hugo v0.60.0 release post from @bep.

It can ignored by adding the following to config.toml:

[markup]
 [markup.goldmark]
   [markup.goldmark.renderer]
     unsafe = true

We might do this to temporarily avoid heartburn, but it would be great to remove all unsafe inline HTML.

Why it was disabled by default: gohugoio/hugo#6581

After the change is made in config.toml the feature state button loads fine, but the feature state is expanded by default. For example:

I saw that @kbhawkey had some experience modifying the template script (in PR #9994). Any suggestion on the best way to resolve this would be appreciated!

Other things discovered

Pygments is removed as highlighter.

We might need to update our config.toml to be more inline with https://gohugo.io/getting-started/configuration-markup#highlight

Plain HTML documents are not supported

This causes issues with any files that are 100% HTML. As of now, the only files Hugo errors about are:

content/de/includes/user-guide-migration-notice.md
content/en/includes/user-guide-migration-notice.md
content/fr/includes/user-guide-migration-notice.md
content/ja/includes/user-guide-migration-notice.md
content/zh/includes/user-guide-migration-notice.md

# you can easily delete them with: 

find content/ -name "*user-guide-migration-notice.md" -exec git rm {} \;

# otherwise convert them to markdown if they are needed

We should probably delete blackfriday config.toml references

#[blackfriday]
#hrefTargetBlank = true
#fractions = false

Next steps

Let me know if you want to continue out of this PR or want me to open up a new one.

  • Update netlify.toml to 0.67.0
  • Delete or fix (convert to markdown) offending user-guide-migration-notice.md files in each localization
  • Decide if it's worth back-filling old releases (release-x.xx)
  • Remove blackfriday stuff in config.toml

Considerations

  • Kubernetes v1.18 it tentative to be released on Tuesday, March 24, 2020 which involves a lot of docs work.
  • Does this impact the current work being done to update our theme?
  • Removing all unsafe html should not fall off our radar.
  • Does goldmark / commonmark do anything else unknown to our existing docs?

Other

I found the CommonMark markdown spec useful to answer any formatting / HTML questions. CommonMark is the spec replacing the currently used Blackfriday spec.

Lastly, I encourage folks to read the release notes from 0.59.1 -> v0.67.0

/cc @kbarnard10 @bradtopol @kbhawkey @sftim @lucperkins
/hold

@k8s-ci-robot k8s-ci-robot requested a review from kbarnard10 March 27, 2020 23:28
@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 27, 2020
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 27, 2020
@k8s-ci-robot k8s-ci-robot requested a review from sftim March 27, 2020 23:28
@k8s-ci-robot
Copy link
Contributor

@jimangel: GitHub didn't allow me to request PR reviews from the following users: lucperkins.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

Ref: #19028

This is removing blackfriday params and using the default (no inline HTML). I will open another PR with some of the recommendations for comparison.

@zacharysarah I was playing around with updating the site to Hugo 67.0 and discovered a few (related) bugs.

The feature-state partial template not loading properly is because Hugo v0.60.0+ disables inline HTML in >markdown.>

See this Hugo v0.60.0 release post from @bep.

It can ignored by adding the following to config.toml:

[markup]
 [markup.goldmark]
   [markup.goldmark.renderer]
     unsafe = true

We might do this to temporarily avoid heartburn, but it would be great to remove all unsafe inline HTML.

Why it was disabled by default: gohugoio/hugo#6581

After the change is made in config.toml the feature state button loads fine, but the feature state is expanded by default. For example:

I saw that @kbhawkey had some experience modifying the template script (in PR #9994). Any suggestion on the best way to resolve this would be appreciated!

Other things discovered

Pygments is removed as highlighter.

We might need to update our config.toml to be more inline with https://gohugo.io/getting-started/configuration-markup#highlight

Plain HTML documents are not supported

This causes issues with any files that are 100% HTML. As of now, the only files Hugo errors about are:

content/de/includes/user-guide-migration-notice.md
content/en/includes/user-guide-migration-notice.md
content/fr/includes/user-guide-migration-notice.md
content/ja/includes/user-guide-migration-notice.md
content/zh/includes/user-guide-migration-notice.md

# you can easily delete them with: 

find content/ -name "*user-guide-migration-notice.md" -exec git rm {} \;

# otherwise convert them to markdown if they are needed

We should probably delete blackfriday config.toml references

#[blackfriday]
#hrefTargetBlank = true
#fractions = false

Next steps

Let me know if you want to continue out of this PR or want me to open up a new one.

  • Update netlify.toml to 0.67.0
  • Delete or fix (convert to markdown) offending user-guide-migration-notice.md files in each localization
  • Decide if it's worth back-filling old releases (release-x.xx)
  • Remove blackfriday stuff in config.toml

Considerations

  • Kubernetes v1.18 it tentative to be released on Tuesday, March 24, 2020 which involves a lot of docs work.
  • Does this impact the current work being done to update our theme?
  • Removing all unsafe html should not fall off our radar.
  • Does goldmark / commonmark do anything else unknown to our existing docs?

Other

I found the CommonMark markdown spec useful to answer any formatting / HTML questions. CommonMark is the spec replacing the currently used Blackfriday spec.

Lastly, I encourage folks to read the release notes from 0.59.1 -> v0.67.0

/cc @kbarnard10 @bradtopol @kbhawkey @sftim @lucperkins
/hold

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. sig/docs Categorizes an issue or PR as relevant to SIG Docs. labels Mar 27, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign jimangel
You can assign the PR to them by writing /assign @jimangel in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jimangel jimangel force-pushed the hugo-safe-version branch from e58e604 to 4035fb0 Compare March 27, 2020 23:31
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. language/de Issues or PRs related to German language language/en Issues or PRs related to English language language/fr Issues or PRs related to French language language/ja Issues or PRs related to Japanese language language/zh Issues or PRs related to Chinese language and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 27, 2020
@netlify
Copy link

netlify bot commented Mar 27, 2020

Deploy preview for kubernetes-io-master-staging ready!

Built with commit 4035fb0

https://deploy-preview-19905--kubernetes-io-master-staging.netlify.com

@jimangel jimangel mentioned this pull request Mar 27, 2020
Merged
@kbhawkey
Copy link
Contributor

kbhawkey commented Apr 1, 2020

I read through the comments about the safe/unsafe parser configuration settings -- somewhat hard to follow.
Standalone HTML (not embedded in Markdown, such as the API and kubectl references) files are left alone.
The pages most affected by this change contain HTML tables (feature gates reference page, other Markdown pages with generated HTML content).
I would be in favor of removing (updating the shortcode) the feature state dialog window and script.

@bep
Copy link
Contributor

bep commented Apr 1, 2020

A quick note from me re this:

  • I have some plans to add the Bluemonday HTML sanitizer to Hugo as an option -- which should be more flexible (and configurable). But time ...
  • You're in control of the content (to some extend, it is easy to miss stuff), so I'm not saying that running with "unsafe" is really unsafe.
  • You could also consider adding a Content Security Policy to your Netlify config. Note that I recently added support for custom headers in the Hugo server, which allows for testing these locally. The syntax matches Netlifys.

@gavinfish gavinfish mentioned this pull request Apr 5, 2020
Closed
@jimangel
Copy link
Member Author

jimangel commented Apr 7, 2020

Closing this PR to focus on #19907

More info: https://kubernetes.slack.com/archives/C1J0BPD2M/p1586300322159400?thread_ts=1585352872.050700&cid=C1J0BPD2M

/close

@k8s-ci-robot
Copy link
Contributor

@jimangel: Closed this PR.

In response to this:

Closing this PR to focus on #19907

More info: https://kubernetes.slack.com/archives/C1J0BPD2M/p1586300322159400?thread_ts=1585352872.050700&cid=C1J0BPD2M

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kbarnard10 kbarnard10 Awaiting requested review from kbarnard10

@bradtopol bradtopol Awaiting requested review from bradtopol

@kbhawkey kbhawkey Awaiting requested review from kbhawkey

@sftim sftim Awaiting requested review from sftim

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. language/de Issues or PRs related to German language language/en Issues or PRs related to English language language/fr Issues or PRs related to French language language/ja Issues or PRs related to Japanese language language/zh Issues or PRs related to Chinese language sig/docs Categorizes an issue or PR as relevant to SIG Docs. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jimangel @k8s-ci-robot @kbhawkey @bep