fix(storefront): STRF-12281 Prevent block and partial helpers from being named prototype methods #317

Merged
merged 1 commit into from
Jul 24, 2024

@jordanarldt jordanarldt commented Jul 24, 2024

Jira: STRF-12281

What/Why?

Prevent partial and block helpers from allowing names that are the same as native JavaScript object prototype methods.

Rollout/Rollback

Roll back this PR

Testing

Unit tests, ensured that error is not thrown and object prototype is not accessed.


cc @bigcommerce/team-storefront

@jairo-bc jairo-bc left a comment

LGTM

@jmwiese jmwiese left a comment

LGTM

@huntario huntario self-assigned this Jul 24, 2024
@huntario huntario left a comment

💚
To test this out I used npm link to install this PR as a dependency of storefront-renderer-2 and then ran it locally.

I added this to my home.html template file

<div class="container">
    {{#block "__proto__"}}STRF-12281 {{/block}}
</div>

This causes the store to throw an error

However, when I run STRF2 with this update, the server error no longer occurs and the error is handled

@jordanarldt jordanarldt merged commit acb33f7 into master Jul 24, 2024
2 checks passed
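
Why a helper name such as `__proto__` can surface as a server error, and one way to guard the lookup, shown as an added example that is not the code from this PR. The `partials` store and the `renderBlockUnsafe`, `renderBlockSafe` and `outcome` functions are hypothetical stand-ins for a name-keyed helper lookup.

```javascript
// Constructed stand-in for a name-keyed store of compiled partials (hypothetical,
// not the project's code). A plain object literal inherits from Object.prototype.
const partials = { header: () => '<header>site header</header>' };

// Unsafe lookup: bracket access walks the prototype chain, so names such as
// "__proto__", "constructor" or "toString" resolve to inherited members
// instead of falling through to the block's inline body.
function renderBlockUnsafe(name, fallback) {
    const partial = partials[name] || fallback;
    return partial();
}

// Hardened lookup: accept only own properties whose value is a function;
// every other name falls back to the block's inline body.
function renderBlockSafe(name, fallback) {
    const own = Object.prototype.hasOwnProperty.call(partials, name);
    const partial = own && typeof partials[name] === 'function' ? partials[name] : fallback;
    return partial();
}

// Describes what a render function did for a given block name.
function outcome(render, name) {
    try {
        return `rendered: ${render(name, () => 'inline body')}`;
    } catch (err) {
        return `threw ${err.constructor.name}`;
    }
}

// Constructed sample names: one registered, one unknown, three inherited.
for (const name of ['header', 'missing', '__proto__', 'constructor', 'toString']) {
    console.log(name.padEnd(12), '| unsafe:', outcome(renderBlockUnsafe, name),
        '| safe:', outcome(renderBlockSafe, name));
}
```

With the unsafe lookup, `__proto__` resolves to `Object.prototype`, which is truthy but not callable, so the call throws; `constructor` and `toString` do not throw but render the return value of an inherited function instead of the template body.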
🎉 This PR is included in version 5.11.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
