Revert "Merge pull request #463 from Shopify/stricter-identifiers"

This reverts commit a056f6521c, reversing
changes made to 7843bcca8d.

History.md

@@ -3,6 +3,7 @@
 ## 3.0.0 / not yet released / branch "master"
 
 * ...
+* Removed Block#end_tag. Instead, override parse with `super` followed by your code. See #446 [Dylan Thacker-Smith, dylanahsmith]
 * Fixed condition with wrong data types, see #423 [Bogdan Gusiev]
 * Add url_encode to standard filters, see #421 [Derrick Reimer, djreimer]
 * Add uniq to standard filters [Florian Weingarten, fw42]

README.md

@@ -1,5 +1,5 @@
-[![Build Status](https://secure.travis-ci.org/Shopify/liquid.png?branch=master)](http://travis-ci.org/Shopify/liquid)
-[![Inline docs](http://inch-ci.org/github/Shopify/liquid.png)](http://inch-ci.org/github/Shopify/liquid)
+[![Build Status](https://api.travis-ci.org/Shopify/liquid.svg?branch=master)](http://travis-ci.org/Shopify/liquid)
+[![Inline docs](http://inch-ci.org/github/Shopify/liquid.svg?branch=master)](http://inch-ci.org/github/Shopify/liquid)
 
 # Liquid template engine
 

example/server/liquid_servlet.rb

@@ -11,7 +11,8 @@ class LiquidServlet < WEBrick::HTTPServlet::AbstractServlet
   private
 
   def handle(type, req, res)
-    @request, @response = req, res
+    @request = req
+    @response = res
 
     @request.path_info =~ /(\w+)\z/
     @action = $1 || 'index'

lib/liquid/block.rb

@@ -14,48 +14,45 @@ module Liquid
       @nodelist ||= []
       @nodelist.clear
 
-      # All child tags of the current block.
-      @children = []
-
       while token = tokens.shift
-        unless token.empty?
-          case
-          when token.start_with?(TAGSTART)
-            if token =~ FullToken
+        begin
+          unless token.empty?
+            case
+            when token.start_with?(TAGSTART)
+              if token =~ FullToken
 
-              # if we found the proper block delimiter just end parsing here and let the outer block
-              # proceed
-              if block_delimiter == $1
-                end_tag
-                return
-              end
+                # if we found the proper block delimiter just end parsing here and let the outer block
+                # proceed
+                return if block_delimiter == $1
 
-              # fetch the tag from registered blocks
-              if tag = Template.tags[$1]
-                markup = token.is_a?(Token) ? token.child($2) : $2
-                new_tag = tag.parse($1, markup, tokens, @options)
-                new_tag.line_number = token.line_number if token.is_a?(Token)
-                @blank &&= new_tag.blank?
-                @nodelist << new_tag
-                @children << new_tag
+                # fetch the tag from registered blocks
+                if tag = Template.tags[$1]
+                  markup = token.is_a?(Token) ? token.child($2) : $2
+                  new_tag = tag.parse($1, markup, tokens, @options)
+                  new_tag.line_number = token.line_number if token.is_a?(Token)
+                  @blank &&= new_tag.blank?
+                  @nodelist << new_tag
+                else
+                  # this tag is not registered with the system
+                  # pass it to the current block for special handling or error reporting
+                  unknown_tag($1, $2, tokens)
+                end
               else
-                # this tag is not registered with the system
-                # pass it to the current block for special handling or error reporting
-                unknown_tag($1, $2, tokens)
+                raise SyntaxError.new(options[:locale].t("errors.syntax.tag_termination".freeze, :token => token, :tag_end => TagEnd.inspect))
               end
+            when token.start_with?(VARSTART)
+              new_var = create_variable(token)
+              new_var.line_number = token.line_number if token.is_a?(Token)
+              @nodelist << new_var
+              @blank = false
             else
-              raise SyntaxError.new(options[:locale].t("errors.syntax.tag_termination".freeze, :token => token, :tag_end => TagEnd.inspect))
+              @nodelist << token
+              @blank &&= (token =~ /\A\s*\z/)
             end
-          when token.start_with?(VARSTART)
-            new_var = create_variable(token)
-            new_var.line_number = token.line_number if token.is_a?(Token)
-            @nodelist << new_var
-            @children << new_var
-            @blank = false
-          else
-            @nodelist << token
-            @blank &&= (token =~ /\A\s*\z/)
           end
+        rescue SyntaxError => e
+          e.set_line_number_from_token(token)
+          raise
         end
       end
 
@@ -70,16 +67,13 @@ module Liquid
       all_warnings = []
       all_warnings.concat(@warnings) if @warnings
 
-      (@children || []).each do |node|
-        all_warnings.concat(node.warnings || [])
+      (nodelist || []).each do |node|
+        all_warnings.concat(node.warnings || []) if node.respond_to?(:warnings)
       end
 
       all_warnings
     end
 
-    def end_tag
-    end
-
     def unknown_tag(tag, params, tokens)
       case tag
       when 'else'.freeze

lib/liquid/block_body.rb

@@ -0,0 +1,123 @@
+module Liquid
+  class BlockBody
+    FullToken = /\A#{TagStart}\s*(\w+)\s*(.*)?#{TagEnd}\z/om
+    ContentOfVariable = /\A#{VariableStart}(.*)#{VariableEnd}\z/om
+    TAGSTART = "{%".freeze
+    VARSTART = "{{".freeze
+
+    attr_reader :nodelist
+
+    def initialize
+      @nodelist = []
+      @blank = true
+    end
+
+    def parse(tokens, options)
+      while token = tokens.shift
+        begin
+          unless token.empty?
+            case
+            when token.start_with?(TAGSTART)
+              if token =~ FullToken
+                tag_name = $1
+                markup = $2
+                # fetch the tag from registered blocks
+                if tag = Template.tags[tag_name]
+                  markup = token.child(markup) if token.is_a?(Token)
+                  new_tag = tag.parse(tag_name, markup, tokens, options)
+                  new_tag.line_number = token.line_number if token.is_a?(Token)
+                  @blank &&= new_tag.blank?
+                  @nodelist << new_tag
+                else
+                  # end parsing if we reach an unknown tag and let the caller decide
+                  # determine how to proceed
+                  return yield tag_name, markup
+                end
+              else
+                raise SyntaxError.new(options[:locale].t("errors.syntax.tag_termination".freeze, :token => token, :tag_end => TagEnd.inspect))
+              end
+            when token.start_with?(VARSTART)
+              new_var = create_variable(token, options)
+              new_var.line_number = token.line_number if token.is_a?(Token)
+              @nodelist << new_var
+              @blank = false
+            else
+              @nodelist << token
+              @blank &&= !!(token =~ /\A\s*\z/)
+            end
+          end
+        rescue SyntaxError => e
+          e.set_line_number_from_token(token)
+          raise
+        end
+      end
+
+      yield nil, nil
+    end
+
+    def blank?
+      @blank
+    end
+
+    def warnings
+      all_warnings = []
+      nodelist.each do |node|
+        all_warnings.concat(node.warnings) if node.respond_to?(:warnings) && node.warnings
+      end
+      all_warnings
+    end
+
+    def render(context)
+      output = []
+      context.resource_limits[:render_length_current] = 0
+      context.resource_limits[:render_score_current] += @nodelist.length
+
+      @nodelist.each do |token|
+        # Break out if we have any unhanded interrupts.
+        break if context.has_interrupt?
+
+        begin
+          # If we get an Interrupt that means the block must stop processing. An
+          # Interrupt is any command that stops block execution such as {% break %}
+          # or {% continue %}
+          if token.is_a?(Continue) or token.is_a?(Break)
+            context.push_interrupt(token.interrupt)
+            break
+          end
+
+          token_output = render_token(token, context)
+
+          unless token.is_a?(Block) && token.blank?
+            output << token_output
+          end
+        rescue MemoryError => e
+          raise e
+        rescue ::StandardError => e
+          output << context.handle_error(e, token)
+        end
+      end
+
+      output.join
+    end
+
+    private
+
+    def render_token(token, context)
+      token_output = (token.respond_to?(:render) ? token.render(context) : token)
+      context.increment_used_resources(:render_length_current, token_output)
+      if context.resource_limits_reached?
+        context.resource_limits[:reached] = true
+        raise MemoryError.new("Memory limits exceeded".freeze)
+      end
+      token_output
+    end
+
+    def create_variable(token, options)
+      token.scan(ContentOfVariable) do |content|
+        markup = token.is_a?(Token) ? token.child(content.first) : content.first
+        return Variable.new(markup, options)
+      end
+      raise SyntaxError.new(options[:locale].t("errors.syntax.variable_termination".freeze, :token => token, :tag_end => VariableEnd.inspect))
+    end
+  end
+end

lib/liquid/condition.rb

@@ -28,7 +28,9 @@ module Liquid
     attr_accessor :left, :operator, :right
 
     def initialize(left = nil, operator = nil, right = nil)
-      @left, @operator, @right = left, operator, right
+      @left = left
+      @operator = operator
+      @right = right
       @child_relation  = nil
       @child_condition = nil
     end
@@ -47,11 +49,13 @@ module Liquid
     end
 
     def or(condition)
-      @child_relation, @child_condition = :or, condition
+      @child_relation = :or
+      @child_condition = condition
     end
 
     def and(condition)
-      @child_relation, @child_condition = :and, condition
+      @child_relation = :and
+      @child_condition = condition
     end
 
     def attach(attachment)
@@ -94,7 +98,8 @@ module Liquid
       # return this as the result.
       return context[left] if op == nil
 
-      left, right = context[left], context[right]
+      left = context[left]
+      right = context[right]
 
       operation = self.class.operators[op] || raise(Liquid::ArgumentError.new("Unknown operator #{op}"))
 

lib/liquid/context.rb

@@ -21,7 +21,7 @@ module Liquid
       @scopes           = [(outer_scope || {})]
       @registers        = registers
       @errors           = []
-      @resource_limits  = resource_limits || Template.default_resource_limits
+      @resource_limits  = resource_limits || Template.default_resource_limits.dup
       @resource_limits[:render_score_current] = 0
       @resource_limits[:assign_score_current] = 0
       @parsed_expression = Hash.new{ |cache, markup| cache[markup] = Expression.parse(markup) }

lib/liquid/errors.rb

@@ -18,6 +18,7 @@ module Liquid
 
     def set_line_number_from_token(token)
       return unless token.respond_to?(:line_number)
+      return if self.line_number
       self.line_number = token.line_number
     end
 
@@ -50,10 +51,10 @@ module Liquid
 
   class ArgumentError < Error; end
   class ContextError < Error; end
-  class FilterNotFound < Error; end
   class FileSystemError < Error; end
   class StandardError < Error; end
   class SyntaxError < Error; end
   class StackLevelError < Error; end
+  class TaintedError < Error; end
   class MemoryError < Error; end
 end

lib/liquid/standardfilters.rb

@@ -34,7 +34,7 @@ module Liquid
     end
 
     def escape(input)
-      CGI.escapeHTML(input) rescue input
+      CGI.escapeHTML(input).untaint rescue input
     end
     alias_method :h, :escape
 

lib/liquid/tags/case.rb

@@ -15,7 +15,7 @@ module Liquid
     end
 
     def nodelist
-      @blocks.map(&:attachment).flatten
+      @blocks.flat_map(&:attachment)
     end
 
     def unknown_tag(tag, markup, tokens)

lib/liquid/tags/if.rb

@@ -21,7 +21,7 @@ module Liquid
     end
 
     def nodelist
-      @blocks.map(&:attachment).flatten
+      @blocks.flat_map(&:attachment)
     end
 
     def unknown_tag(tag, markup, tokens)
@@ -57,15 +57,15 @@ module Liquid
       end
 
       def lax_parse(markup)
-        expressions = markup.scan(ExpressionsAndOperators).reverse
-        raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.shift =~ Syntax
+        expressions = markup.scan(ExpressionsAndOperators)
+        raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.pop =~ Syntax
 
         condition = Condition.new($1, $2, $3)
 
         while not expressions.empty?
-          operator = (expressions.shift).to_s.strip
+          operator = expressions.pop.to_s.strip
 
-          raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.shift.to_s =~ Syntax
+          raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.pop.to_s =~ Syntax
 
           new_condition = Condition.new($1, $2, $3)
           raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless BOOLEAN_OPERATORS.include?(operator)

lib/liquid/tags/ifchanged.rb

@@ -4,7 +4,7 @@ module Liquid
     def render(context)
       context.stack do
 
-        output = render_all(@nodelist, context)
+        output = super
 
         if output != context.registers[:ifchanged]
           context.registers[:ifchanged] = output

lib/liquid/tags/raw.rb

@@ -8,10 +8,7 @@ module Liquid
       while token = tokens.shift
         if token =~ FullTokenPossiblyInvalid
           @nodelist << $1 if $1 != "".freeze
-          if block_delimiter == $2
-            end_tag
-            return
-          end
+          return if block_delimiter == $2
         end
         @nodelist << token if not token.empty?
       end

lib/liquid/tags/table_row.rb

@@ -54,7 +54,7 @@ module Liquid
 
           col += 1
 
-          result << "<td class=\"col#{col}\">" << render_all(@nodelist, context) << '</td>'
+          result << "<td class=\"col#{col}\">" << super << '</td>'
 
           if col == cols and (index != length - 1)
             col  = 0

lib/liquid/template.rb

@@ -60,6 +60,12 @@ module Liquid
       # :strict will enforce correct syntax.
       attr_writer :error_mode
 
+      # Sets how strict the taint checker should be.
+      # :lax is the default, and ignores the taint flag completely
+      # :warn adds a warning, but does not interrupt the rendering
+      # :error raises an error when tainted output is used
+      attr_writer :taint_mode
+
       def file_system
         @@file_system
       end
@@ -80,6 +86,10 @@ module Liquid
         @error_mode || :lax
       end
 
+      def taint_mode
+        @taint_mode || :lax
+      end
+
       # Pass a module with filter methods which should be available
       # to all liquid views. Good for registering the standard library
       def register_filter(mod)

lib/liquid/variable.rb

@@ -35,15 +35,17 @@ module Liquid
 
     def lax_parse(markup)
       @filters = []
-      if markup =~ /\s*(#{QuotedFragment})(.*)/om
-        @name = Regexp.last_match(1)
-        if Regexp.last_match(2) =~ /#{FilterSeparator}\s*(.*)/om
-          filters = Regexp.last_match(1).scan(FilterParser)
+      if markup =~ /(#{QuotedFragment})(.*)/om
+        name_markup = $1
+        filter_markup = $2
+        @name = Expression.parse(name_markup)
+        if filter_markup =~ /#{FilterSeparator}\s*(.*)/om
+          filters = $1.scan(FilterParser)
           filters.each do |f|
             if f =~ /\w+/
               filtername = Regexp.last_match(0)
               filterargs = f.scan(/(?:#{FilterArgumentSeparator}|#{ArgumentSeparator})\s*((?:\w+\s*\:\s*)?#{QuotedFragment})/o).flatten
-              @filters << [filtername, filterargs]
+              @filters << parse_filter_expressions(filtername, filterargs)
             end
           end
         end
@@ -53,7 +55,7 @@ module Liquid
     def strict_parse(markup)
       # Very simple valid cases
       if markup =~ EasyParse
-        @name = $1
+        @name = Expression.parse($1)
         @filters = []
         return
       end
@@ -61,11 +63,11 @@ module Liquid
       @filters = []
       p = Parser.new(markup)
       # Could be just filters with no input
-      @name = p.look(:pipe) ? ''.freeze : p.expression
+      @name = p.look(:pipe) ? nil : Expression.parse(p.expression)
       while p.consume?(:pipe)
         filtername = p.consume(:id)
         filterargs = p.consume?(:colon) ? parse_filterargs(p) : []
-        @filters << [filtername, filterargs]
+        @filters << parse_filter_expressions(filtername, filterargs)
       end
       p.consume(:end_of_string)
     end
@@ -81,22 +83,51 @@ module Liquid
     end
 
     def render(context)
-      return ''.freeze if @name.nil?
-      @filters.inject(context[@name]) do |output, filter|
-        filterargs = []
-        keyword_args = {}
-        filter[1].to_a.each do |a|
-          if matches = a.match(/\A#{TagAttributes}\z/o)
-            keyword_args[matches[1]] = context[matches[2]]
-          else
-            filterargs << context[a]
-          end
+      @filters.inject(context.evaluate(@name)) do |output, (filter_name, filter_args, filter_kwargs)|
+        filter_args = evaluate_filter_expressions(context, filter_args, filter_kwargs)
+        output = context.invoke(filter_name, output, *filter_args)
+      end.tap{ |obj| taint_check(obj) }
+    end
+
+    private
+
+    def parse_filter_expressions(filter_name, unparsed_args)
+      filter_args = []
+      keyword_args = {}
+      unparsed_args.each do |a|
+        if matches = a.match(/\A#{TagAttributes}\z/o)
+          keyword_args[matches[1]] = Expression.parse(matches[2])
+        else
+          filter_args << Expression.parse(a)
         end
-        filterargs << keyword_args unless keyword_args.empty?
-        begin
-          output = context.invoke(filter[0], output, *filterargs)
-        rescue FilterNotFound
-          raise FilterNotFound, "Error - filter '#{filter[0]}' in '#{@markup.strip}' could not be found."
+      end
+      result = [filter_name, filter_args]
+      result << keyword_args unless keyword_args.empty?
+      result
+    end
+
+    def evaluate_filter_expressions(context, filter_args, filter_kwargs)
+      parsed_args = filter_args.map{ |expr| context.evaluate(expr) }
+      if filter_kwargs
+        parsed_kwargs = {}
+        filter_kwargs.each do |key, expr|
+          parsed_kwargs[key] = context.evaluate(expr)
+        end
+        parsed_args << parsed_kwargs
+      end
+      parsed_args
+    end
+
+    def taint_check(obj)
+      if obj.tainted?
+        @markup =~ QuotedFragment
+        name = Regexp.last_match(0)
+        case Template.taint_mode
+        when :warn
+          @warnings ||= []
+          @warnings << "variable '#{name}' is tainted and was not escaped"
+        when :error
+          raise TaintedError, "Error - variable '#{name}' is tainted and was not escaped"
         end
       end
     end

lib/liquid/variable_lookup.rb

@@ -64,5 +64,15 @@ module Liquid
 
       object
     end
+
+    def ==(other)
+      self.class == other.class && self.state == other.state
+    end
+
+    protected
+
+    def state
+      [@name, @lookups, @command_flags]
+    end
   end
 end

performance/shopify/paginate.rb

@@ -4,8 +4,6 @@ class Paginate < Liquid::Block
   def initialize(tag_name, markup, options)
     super
 
-    @nodelist = []
-
     if markup =~ Syntax
       @collection_name = $1
       @page_size = if $2
@@ -73,7 +71,7 @@ class Paginate < Liquid::Block
         end
       end
 
-      render_all(@nodelist, context)
+      super
     end
   end
 

test/integration/context_test.rb

@@ -23,12 +23,10 @@ class ContextTest < Minitest::Test
   end
 
   def test_has_key_will_not_add_an_error_for_missing_keys
-    Template.error_mode = :strict
-
-    context = Context.new
-
-    context.has_key?('unknown')
-
-    assert_empty context.errors
+    with_error_mode :strict do
+      context = Context.new
+      context.has_key?('unknown')
+      assert_empty context.errors
+    end
   end
 end

test/integration/drop_test.rb

@@ -48,6 +48,10 @@ class ProductDrop < Liquid::Drop
     ContextDrop.new
   end
 
+  def user_input
+    "foo".taint
+  end
+
   protected
     def callmenot
       "protected"
@@ -108,6 +112,30 @@ class DropsTest < Minitest::Test
     assert_equal '  ', tpl.render!('product' => ProductDrop.new)
   end
 
+  def test_rendering_raises_on_tainted_attr
+    with_taint_mode(:error) do
+      tpl = Liquid::Template.parse('{{ product.user_input }}')
+      assert_raises TaintedError do
+        tpl.render!('product' => ProductDrop.new)
+      end
+    end
+  end
+
+  def test_rendering_warns_on_tainted_attr
+    with_taint_mode(:warn) do
+      tpl = Liquid::Template.parse('{{ product.user_input }}')
+      tpl.render!('product' => ProductDrop.new)
+      assert_match /tainted/, tpl.warnings.first
+    end
+  end
+
+  def test_rendering_doesnt_raise_on_escaped_tainted_attr
+    with_taint_mode(:error) do
+      tpl = Liquid::Template.parse('{{ product.user_input | escape }}')
+      tpl.render!('product' => ProductDrop.new)
+    end
+  end
+
   def test_drop_does_only_respond_to_whitelisted_methods
     assert_equal "", Liquid::Template.parse("{{ product.inspect }}").render!('product' => ProductDrop.new)
     assert_equal "", Liquid::Template.parse("{{ product.pretty_inspect }}").render!('product' => ProductDrop.new)

test/integration/error_handling_test.rb

@@ -100,6 +100,73 @@ class ErrorHandlingTest < Minitest::Test
     assert_equal Liquid::ArgumentError, template.errors.first.class
   end
 
+  def test_with_line_numbers_adds_numbers_to_parser_errors
+    err = assert_raises(SyntaxError) do
+      template = Liquid::Template.parse(%q{
+          foobar
+
+          {% "cat" | foobar %}
+
+          bla
+        },
+        :line_numbers => true
+      )
+    end
+
+    assert_match /Liquid syntax error \(line 4\)/, err.message
+  end
+
+  def test_parsing_warn_with_line_numbers_adds_numbers_to_lexer_errors
+    template = Liquid::Template.parse(%q{
+        foobar
+
+        {% if 1 =! 2 %}ok{% endif %}
+
+        bla
+      },
+      :error_mode => :warn,
+      :line_numbers => true
+    )
+
+    assert_equal ['Liquid syntax error (line 4): Unexpected character = in "1 =! 2"'],
+      template.warnings.map(&:message)
+  end
+
+  def test_parsing_strict_with_line_numbers_adds_numbers_to_lexer_errors
+    err = assert_raises(SyntaxError) do
+      Liquid::Template.parse(%q{
+          foobar
+
+          {% if 1 =! 2 %}ok{% endif %}
+
+          bla
+        },
+        :error_mode => :strict,
+        :line_numbers => true
+      )
+    end
+
+    assert_equal 'Liquid syntax error (line 4): Unexpected character = in "1 =! 2"', err.message
+  end
+
+  def test_syntax_errors_in_nested_blocks_have_correct_line_number
+    err = assert_raises(SyntaxError) do
+      Liquid::Template.parse(%q{
+          foobar
+
+          {% if 1 != 2 %}
+            {% foo %}
+          {% endif %}
+
+          bla
+        },
+        :line_numbers => true
+      )
+    end
+
+    assert_equal "Liquid syntax error (line 5): Unknown tag 'foo'", err.message
+  end
+
   def test_strict_error_messages
     err = assert_raises(SyntaxError) do
       Liquid::Template.parse(' {% if 1 =! 2 %}ok{% endif %} ', :error_mode => :strict)

test/integration/parsing_quirks_test.rb

@@ -100,4 +100,17 @@ class ParsingQuirksTest < Minitest::Test
     end
   end
 
+  def test_invalid_variables_work
+    with_error_mode(:lax) do
+      assert_template_result('bar', "{% assign 123foo = 'bar' %}{{ 123foo }}")
+      assert_template_result('123', "{% assign 123 = 'bar' %}{{ 123 }}")
+    end
+  end
+
+  def test_extra_dots_in_ranges
+    with_error_mode(:lax) do
+      assert_template_result('12345', "{% for i in (1...5) %}{{ i }}{% endfor %}")
+    end
+  end
+
 end # ParsingQuirksTest

test/integration/render_profiling_test.rb

@@ -72,7 +72,7 @@ class RenderProfilingTest < Minitest::Test
     t = Template.parse("{% include 'a_template' %}", :profile => true)
     t.render!
 
-    assert t.profiler.total_render_time > 0, "Total render time was not calculated"
+    assert t.profiler.total_render_time >= 0, "Total render time was not calculated"
   end
 
   def test_profiling_uses_include_to_mark_children

test/integration/tags/if_else_tag_test.rb

@@ -10,6 +10,11 @@ class IfElseTagTest < Minitest::Test
     assert_template_result('  you rock ?','{% if false %} you suck {% endif %} {% if true %} you rock {% endif %}?')
   end
 
+  def test_literal_comparisons
+    assert_template_result(' NO ','{% assign v = false %}{% if v %} YES {% else %} NO {% endif %}')
+    assert_template_result(' YES ','{% assign v = nil %}{% if v == nil %} YES {% else %} NO {% endif %}')
+  end
+
   def test_if_else
     assert_template_result(' YES ','{% if false %} NO {% else %} YES {% endif %}')
     assert_template_result(' YES ','{% if true %} YES {% else %} NO {% endif %}')

test/integration/tags/include_tag_test.rb

@@ -27,6 +27,9 @@ class TestFileSystem
     when "pick_a_source"
       "from TestFileSystem"
 
+    when 'assignments'
+      "{% assign foo = 'bar' %}"
+
     else
       template_path
     end
@@ -108,6 +111,10 @@ class IncludeTagTest < Minitest::Test
       'echo1' => 'test123', 'more_echos' => { "echo2" => 'test321'}
   end
 
+  def test_included_templates_assigns_variables
+    assert_template_result "bar", "{% include 'assignments' %}{{ foo }}"
+  end
+
   def test_nested_include_tag
     assert_template_result "body body_detail", "{% include 'body' %}"
 

test/integration/template_test.rb

@@ -135,6 +135,18 @@ class TemplateTest < Minitest::Test
     assert t.resource_limits[:render_length_current] > 0
   end
 
+  def test_default_resource_limits_unaffected_by_render_with_context
+    context = Context.new
+    t = Template.parse("{% for a in (1..100) %} {% assign foo = 1 %} {% endfor %}")
+    t.render!(context)
+    assert context.resource_limits[:assign_score_current] > 0
+    assert context.resource_limits[:render_score_current] > 0
+    assert context.resource_limits[:render_length_current] > 0
+    refute Template.default_resource_limits.key?(:assign_score_current)
+    refute Template.default_resource_limits.key?(:render_score_current)
+    refute Template.default_resource_limits.key?(:render_length_current)
+  end
+
   def test_can_use_drop_as_context
     t = Template.new
     t.registers['lulz'] = 'haha'

test/integration/variable_test.rb

@@ -31,6 +31,12 @@ class VariableTest < Minitest::Test
 
   def test_false_renders_as_false
     assert_equal 'false', Template.parse("{{ foo }}").render!('foo' => false)
+    assert_equal 'false', Template.parse("{{ false }}").render!
+  end
+
+  def test_nil_renders_as_empty_string
+    assert_equal '', Template.parse("{{ nil }}").render!
+    assert_equal 'cat', Template.parse("{{ nil | append: 'cat' }}").render!
   end
 
   def test_preset_assigns

test/test_helper.rb

@@ -57,6 +57,14 @@ module Minitest
       Liquid::Strainer.class_variable_set(:@@filters, original_filters)
     end
 
+    def with_taint_mode(mode)
+      old_mode = Liquid::Template.taint_mode
+      Liquid::Template.taint_mode = mode
+      yield
+    ensure
+      Liquid::Template.taint_mode = old_mode
+    end
+
     def with_error_mode(mode)
       old_mode = Liquid::Template.error_mode
       Liquid::Template.error_mode = mode

test/unit/strainer_unit_test.rb

@@ -57,7 +57,8 @@ class StrainerUnitTest < Minitest::Test
   end
 
   def test_strainer_uses_a_class_cache_to_avoid_method_cache_invalidation
-    a, b = Module.new, Module.new
+    a = Module.new
+    b = Module.new
     strainer = Strainer.create(nil, [a,b])
     assert_kind_of Strainer, strainer
     assert_kind_of a, strainer

test/unit/variable_unit_test.rb

@@ -5,125 +5,123 @@ class VariableUnitTest < Minitest::Test
 
   def test_variable
     var = Variable.new('hello')
-    assert_equal 'hello', var.name
+    assert_equal VariableLookup.new('hello'), var.name
   end
 
   def test_filters
     var = Variable.new('hello | textileze')
-    assert_equal 'hello', var.name
-    assert_equal [["textileze",[]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['textileze',[]]], var.filters
 
     var = Variable.new('hello | textileze | paragraph')
-    assert_equal 'hello', var.name
-    assert_equal [["textileze",[]], ["paragraph",[]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['textileze',[]], ['paragraph',[]]], var.filters
 
     var = Variable.new(%! hello | strftime: '%Y'!)
-    assert_equal 'hello', var.name
-    assert_equal [["strftime",["'%Y'"]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['strftime',['%Y']]], var.filters
 
     var = Variable.new(%! 'typo' | link_to: 'Typo', true !)
-    assert_equal %!'typo'!, var.name
-    assert_equal [["link_to",["'Typo'", "true"]]], var.filters
+    assert_equal 'typo', var.name
+    assert_equal [['link_to',['Typo', true]]], var.filters
 
     var = Variable.new(%! 'typo' | link_to: 'Typo', false !)
-    assert_equal %!'typo'!, var.name
-    assert_equal [["link_to",["'Typo'", "false"]]], var.filters
+    assert_equal 'typo', var.name
+    assert_equal [['link_to',['Typo', false]]], var.filters
 
     var = Variable.new(%! 'foo' | repeat: 3 !)
-    assert_equal %!'foo'!, var.name
-    assert_equal [["repeat",["3"]]], var.filters
+    assert_equal 'foo', var.name
+    assert_equal [['repeat',[3]]], var.filters
 
     var = Variable.new(%! 'foo' | repeat: 3, 3 !)
-    assert_equal %!'foo'!, var.name
-    assert_equal [["repeat",["3","3"]]], var.filters
+    assert_equal 'foo', var.name
+    assert_equal [['repeat',[3,3]]], var.filters
 
     var = Variable.new(%! 'foo' | repeat: 3, 3, 3 !)
-    assert_equal %!'foo'!, var.name
-    assert_equal [["repeat",["3","3","3"]]], var.filters
+    assert_equal 'foo', var.name
+    assert_equal [['repeat',[3,3,3]]], var.filters
 
     var = Variable.new(%! hello | strftime: '%Y, okay?'!)
-    assert_equal 'hello', var.name
-    assert_equal [["strftime",["'%Y, okay?'"]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['strftime',['%Y, okay?']]], var.filters
 
     var = Variable.new(%! hello | things: "%Y, okay?", 'the other one'!)
-    assert_equal 'hello', var.name
-    assert_equal [["things",["\"%Y, okay?\"","'the other one'"]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['things',['%Y, okay?','the other one']]], var.filters
   end
 
   def test_filter_with_date_parameter
-
     var = Variable.new(%! '2006-06-06' | date: "%m/%d/%Y"!)
-    assert_equal "'2006-06-06'", var.name
-    assert_equal [["date",["\"%m/%d/%Y\""]]], var.filters
-
+    assert_equal '2006-06-06', var.name
+    assert_equal [['date',['%m/%d/%Y']]], var.filters
   end
 
   def test_filters_without_whitespace
     var = Variable.new('hello | textileze | paragraph')
-    assert_equal 'hello', var.name
-    assert_equal [["textileze",[]], ["paragraph",[]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['textileze',[]], ['paragraph',[]]], var.filters
 
     var = Variable.new('hello|textileze|paragraph')
-    assert_equal 'hello', var.name
-    assert_equal [["textileze",[]], ["paragraph",[]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['textileze',[]], ['paragraph',[]]], var.filters
 
     var = Variable.new("hello|replace:'foo','bar'|textileze")
-    assert_equal 'hello', var.name
-    assert_equal [["replace", ["'foo'", "'bar'"]], ["textileze", []]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['replace', ['foo', 'bar']], ['textileze', []]], var.filters
   end
 
   def test_symbol
     var = Variable.new("http://disney.com/logo.gif | image: 'med' ", :error_mode => :lax)
-    assert_equal "http://disney.com/logo.gif", var.name
-    assert_equal [["image",["'med'"]]], var.filters
+    assert_equal VariableLookup.new('http://disney.com/logo.gif'), var.name
+    assert_equal [['image',['med']]], var.filters
   end
 
   def test_string_to_filter
     var = Variable.new("'http://disney.com/logo.gif' | image: 'med' ")
-    assert_equal "'http://disney.com/logo.gif'", var.name
-    assert_equal [["image",["'med'"]]], var.filters
+    assert_equal 'http://disney.com/logo.gif', var.name
+    assert_equal [['image',['med']]], var.filters
   end
 
   def test_string_single_quoted
     var = Variable.new(%| "hello" |)
-    assert_equal '"hello"', var.name
+    assert_equal 'hello', var.name
   end
 
   def test_string_double_quoted
     var = Variable.new(%| 'hello' |)
-    assert_equal "'hello'", var.name
+    assert_equal 'hello', var.name
   end
 
   def test_integer
     var = Variable.new(%| 1000 |)
-    assert_equal "1000", var.name
+    assert_equal 1000, var.name
   end
 
   def test_float
     var = Variable.new(%| 1000.01 |)
-    assert_equal "1000.01", var.name
+    assert_equal 1000.01, var.name
   end
 
   def test_string_with_special_chars
     var = Variable.new(%| 'hello! $!@.;"ddasd" ' |)
-    assert_equal %|'hello! $!@.;"ddasd" '|, var.name
+    assert_equal 'hello! $!@.;"ddasd" ', var.name
   end
 
   def test_string_dot
     var = Variable.new(%| test.test |)
-    assert_equal 'test.test', var.name
+    assert_equal VariableLookup.new('test.test'), var.name
   end
 
   def test_filter_with_keyword_arguments
     var = Variable.new(%! hello | things: greeting: "world", farewell: 'goodbye'!)
-    assert_equal 'hello', var.name
-    assert_equal [['things',["greeting: \"world\"","farewell: 'goodbye'"]]], var.filters
+    assert_equal VariableLookup.new('hello'), var.name
+    assert_equal [['things', [], { 'greeting' => 'world', 'farewell' => 'goodbye' }]], var.filters
   end
 
   def test_lax_filter_argument_parsing
     var = Variable.new(%! number_of_comments | pluralize: 'comment': 'comments' !, :error_mode => :lax)
-    assert_equal 'number_of_comments', var.name
-    assert_equal [['pluralize',["'comment'","'comments'"]]], var.filters
+    assert_equal VariableLookup.new('number_of_comments'), var.name
+    assert_equal [['pluralize',['comment','comments']]], var.filters
   end
 
   def test_strict_filter_argument_parsing