Skip to content

Commit

Permalink
fix: STRF-10175 Allow only strings passed to partial and block helpers (
Browse files Browse the repository at this point in the history
  • Loading branch information
jairo-bc authored Oct 27, 2022
1 parent 6dd11cb commit 3e2d147
Show file tree
Hide file tree
Showing 5 changed files with 64 additions and 11 deletions.
8 changes: 8 additions & 0 deletions helpers/block.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,15 @@
'use strict';

const utils = require('./3p/utils');
const common = require('./lib/common.js');

const factory = globals => {
return function(name) {
name = common.unwrapIfSafeString(globals.handlebars, name);
if (!utils.isString(name)) {
globals.getLogger().info("Non-string passed to block helper");
return '';
}
const options = arguments[arguments.length - 1];

/* Look for partial by name. */
Expand Down
8 changes: 8 additions & 0 deletions helpers/partial.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,15 @@
'use strict';

const utils = require('./3p/utils');
const common = require('./lib/common.js');

const factory = globals => {
return function(name) {
name = common.unwrapIfSafeString(globals.handlebars, name);
if (!utils.isString(name)) {
globals.getLogger().info("Non-string passed to partial helper");
return '';
}
const options = arguments[arguments.length - 1];
globals.handlebars.registerPartial(name, options.fn);
};
Expand Down
10 changes: 10 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ class HandlebarsRenderer {
getThemeSettings: this.getThemeSettings.bind(this),
getTranslator: this.getTranslator.bind(this),
getContent: this.getContent.bind(this),
getLogger: this.getLogger.bind(this),
storage: {}, // global storage used by helpers to keep state
resourceHints: []
};
Expand Down Expand Up @@ -168,6 +169,15 @@ class HandlebarsRenderer {
return this._contentRegions;
};

/**
* Get logger provided to the library
*
* @param {Object} logger
*/
getLogger() {
return this.logger;
}

/**
* Add templates to the active set of partials. The templates can either be raw
* template strings, or the result coming from the preProcessor function.
Expand Down
30 changes: 29 additions & 1 deletion spec/helpers/block.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ const lab = exports.lab = Lab.script();
const describe = lab.experiment;
const expect = Code.expect;
const it = lab.it;
const render = require('../spec-helpers').render;
const { render } = require('../spec-helpers');

describe('partial and block helpers', function () {
it('should insert partial into the corresponding block', function (done) {
Expand Down Expand Up @@ -46,4 +46,32 @@ describe('partial and block helpers', function () {
done();
});
});

it('should successfully render template', function (done) {
const templateContent = "some-content";
const templates = {
"layout/base": templateContent,
template: `{{#JSONparse '{"layout/base":{}}'}}{{#partial this}}{{/partial}}{{/JSONparse}}{{>layout/base}}`,
};
render('template', {}, {}, {}, templates).then(result => {
expect(result).to.be.equal(templateContent);
done();
});
});

it('should successfully render template with context', function (done) {
const templateContent = "Hello, world!";
const templates = {
template: `{{#partial "base"}}Hello, world!{{/partial}}{{#partial notPartials}}{{/partial}}{{> base}}`,
};
const context = {
notPartials: {
"base": {}
}
}
render('template', context, {}, {}, templates).then(result => {
expect(result).to.be.equal(templateContent);
done();
});
});
});
19 changes: 9 additions & 10 deletions spec/helpers/getObject.js
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,15 @@ describe('getObject helper', function () {
], done);
});

// uncomment when 3rd-party version is replaced
// it('does not access prototype props', function (done) {
// context.obj.__proto__ = {x: 'yz'};
// runTestCases([
// {
// input: `{{#with (getObject "x" obj)}}{{x}}{{/with}}`,
// output: ``,
// },
// ], done);
// });
it('does not access prototype props', function (done) {
context.obj.__proto__ = {x: 'yz'};
runTestCases([
{
input: `{{#with (getObject "x" obj)}}{{x}}{{/with}}`,
output: ``,
},
], done);
});

it('accepts SafeString paths', (done) => {
runTestCases([
Expand Down

0 comments on commit 3e2d147

Please sign in to comment.