8df8aa434f
Two issues fixed: 1. Language-less code blocks (``` without lang) were not accumulating text content. The guard `code_block_lang.is_some()` was false for them, so content fell through to regular text rendering. Fix: Add `in_code_block` flag to track code block state separately from language presence. 2. Single quotes in code blocks were being HTML-escaped as ', breaking CSP headers like 'self' in documentation. Fix: Create code_escape/code_escape_into in escape.rs that only escapes <, >, & (required to prevent HTML tag injection) but preserves quotes (safe inside <pre><code> content). Rationale for code_escape: - < and > MUST be escaped to prevent browser interpreting code as HTML - & MUST be escaped to prevent HTML entity interpretation - Quotes are safe inside element content (no attribute context) Also: - Add test for unlabeled code block quote preservation All 71 tests pass.
sukr
Minimal static site compiler — suckless, Rust, zero JS.
sukr transforms Markdown content into high-performance static HTML. No bloated runtimes, no client-side JavaScript, just clean output.
Why sukr?
Most static site generators punt rich content to the browser. sukr doesn't.
- Tree-sitter syntax highlighting — Proper parsing, not regex. Supports language injection (Nix shells, HTML scripts).
- Build-time math — KaTeX renders LaTeX to static HTML. No 300KB JavaScript bundle.
- Build-time diagrams — Mermaid compiles to inline SVG. Diagrams load instantly.
Features
- Syntax highlighting — Tree-sitter with language injection (Nix→Bash, HTML→JS/CSS)
- Math rendering — LaTeX to HTML via KaTeX at build time
- Mermaid diagrams — Rendered to inline SVG, no client JS
- Tera templates — Customize without recompiling
- Hierarchical navigation — Nested sections with table of contents
- Atom feeds — Auto-generated for blog sections
- Sitemap — SEO-ready XML sitemap
- CSS minification — LightningCSS optimization
- Monorepo support — Multiple sites via
-cflag
Comparison
| Feature | sukr | Zola | Hugo | Eleventy |
|---|---|---|---|---|
| Syntax Highlighting | Tree-sitter | syntect | Chroma | Plugins |
| Build-time Math | ✅ | ❌ | ❌ | Plugin |
| Build-time Diagrams | ✅ | ❌ | ❌ | Plugin |
| Zero JS Output | ✅ | ❌ | ❌ | Optional |
| Single Binary | ✅ | ✅ | ✅ | ❌ |
See the full comparison for details.
Quick Start
# Build
cargo build --release
# Run (uses ./site.toml)
sukr
# Custom config (monorepo)
sukr -c docs/site.toml
Configuration
Create site.toml:
title = "My Site"
author = "Your Name"
base_url = "https://example.com"
[paths] # All optional, defaults shown
content = "content"
output = "public"
static = "static"
templates = "templates"
[nav] # Optional
nested = false # Show section children in nav
toc = false # Enable table of contents
Content Structure
content/
├── _index.md # Homepage
├── getting-started.md # Page → /getting-started.html
├── configuration.md # Page → /configuration.html
└── features/
├── _index.md # Section index → /features/index.html
└── templates.md # Page → /features/templates.html
...
Documentation
Full documentation at sukr.io (built with sukr).
Security
sukr processes content at build time only — there is no runtime attack surface.
Trust Model:
- Untrusted: Markdown content, frontmatter, third-party templates
- Trusted: The compiled sukr binary, Tree-sitter grammars
Security Implications:
- Raw HTML in Markdown is passed through (CommonMark spec). If your content comes from untrusted sources, review it before building.
- URLs in links and images are escaped to prevent attribute injection.
- Templates use Tera's auto-escaping for variables;
{{ content | safe }}is used intentionally for pre-rendered HTML.
For deployment-time security (CSP headers, etc.), see the Security docs.
License
MIT