fix: safely stringify raw lines

edge-js · Mar 12, 2020 · 48ed63c · 48ed63c
1 parent 0ad9fc7
commit 48ed63c
Show file tree

Hide file tree

Showing 34 changed files with 73 additions and 49 deletions.
diff --git a/fixtures/array-w-identifiers/index.js b/fixtures/array-w-identifiers/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'The even numbers are ';
+out += "The even numbers are ";
 out += `${ctx.escape([ctx.resolve('num1'), ctx.resolve('num2'), ctx.resolve('num3')].filter(num => num % 2 === 0))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/arrays/index.js b/fixtures/arrays/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'The even numbers are ';
+out += "The even numbers are ";
 out += `${ctx.escape([1, 2, 3, 4].filter(num => num % 2 === 0))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/assignment-expression-callable/index.js b/fixtures/assignment-expression-callable/index.js
@@ -4,7 +4,7 @@ ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
 out += `${ctx.escape(name = ctx.resolve('username').toUpperCase())}`;
-out += '\n';
+out += "\n";
 ctx.$lineNumber = 2;
 out += `${ctx.escape(name = ctx.resolve('getUser')().username)}`;
 } catch (error) {

diff --git a/fixtures/binary-expressions/index.js b/fixtures/binary-expressions/index.js
@@ -4,7 +4,7 @@ ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
 out += `${ctx.escape(2 + 2)}`;
-out += ' = 4';
+out += " = 4";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/complex-function-calls/index.js b/fixtures/complex-function-calls/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${ctx.escape(ctx.resolve('upper')(ctx.resolve('auth').user.getUsername()))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/escape-tags-multiline/index.js b/fixtures/escape-tags-multiline/index.js
@@ -3,10 +3,10 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += '@if(';
-out += '  2 + 2 === 4';
-out += ')';
-out += '@endif';
+out += "@if(";
+out += "  2 + 2 === 4";
+out += ")";
+out += "@endif";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/escape-tags-with-backticks/index.js b/fixtures/escape-tags-with-backticks/index.js
@@ -3,8 +3,8 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += '@if(`i${username}` === \'ivirk\')';
-out += '@endif';
+out += "@if(`i${username}` === 'ivirk')";
+out += "@endif";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/escape-tags-with-content/index.js b/fixtures/escape-tags-with-content/index.js
@@ -3,11 +3,11 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += '@if(username)';
-out += '  Hello ';
+out += "@if(username)";
+out += "  Hello ";
 ctx.$lineNumber = 2;
 out += `${ctx.escape(ctx.resolve('username'))}`;
-out += '@endif';
+out += "@endif";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/escape-tags/index.js b/fixtures/escape-tags/index.js
@@ -3,8 +3,8 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += '@if(username)';
-out += '@endif';
+out += "@if(username)";
+out += "@endif";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/escaped-mustache-multiline/index.js b/fixtures/escaped-mustache-multiline/index.js
@@ -3,12 +3,12 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
-out += '{{';
-out += '  users.map((user) => {';
-out += '    return user.username';
-out += '  })';
-out += '}}';
+out += "Hello ";
+out += "{{";
+out += "  users.map((user) =\u003E {";
+out += "    return user.username";
+out += "  })";
+out += "}}";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/escaped-mustache/index.js b/fixtures/escaped-mustache/index.js
@@ -3,8 +3,8 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
-out += '{{ username }}';
+out += "Hello ";
+out += "{{ username }}";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/function-call/index.js b/fixtures/function-call/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${ctx.escape(ctx.resolve('upper')(ctx.resolve('username')))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/html-script/index.edge b/fixtures/html-script/index.edge
@@ -0,0 +1,3 @@
+<script>
+  var reg = /\+/g
+</script>
diff --git a/fixtures/html-script/index.js b/fixtures/html-script/index.js
@@ -0,0 +1,15 @@
+return (function (template, ctx) {
+let out = '';
+ctx.$lineNumber = 1;
+ctx.$filename = '{{ __dirname }}index.edge';
+try {
+out += "\u003Cscript\u003E";
+out += "\n";
+out += "  var reg = \u002F\\+\u002Fg";
+out += "\n";
+out += "\u003C\u002Fscript\u003E";
+} catch (error) {
+ctx.reThrow(error);
+}
+return out;
+})(template, ctx)
diff --git a/fixtures/multiline-expressions/index.js b/fixtures/multiline-expressions/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Your friends are ';
+out += "Your friends are ";
 out += `${ctx.escape(ctx.resolve('users').map(user => {
   return user.username;
 }))}`;

diff --git a/fixtures/multiline-template-literals/index.js b/fixtures/multiline-template-literals/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Your friends are ';
+out += "Your friends are ";
 out += ctx.escape(`${ctx.resolve('users').map(user => {
   return user.username;
 })}`);

diff --git a/fixtures/mustache-template-literals/index.js b/fixtures/mustache-template-literals/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += ctx.escape(`${ctx.resolve('username')} - ${ctx.resolve('age')}`);
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/mustache/index.js b/fixtures/mustache/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${ctx.escape(ctx.resolve('username'))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/nested-binary-expression/index.js b/fixtures/nested-binary-expression/index.js
@@ -4,7 +4,7 @@ ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
 out += `${ctx.escape((2 + 2) * 4)}`;
-out += ' = 16';
+out += " = 16";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/prop-function-args/index.js b/fixtures/prop-function-args/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${ctx.escape(ctx.resolve('username').toString(true))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/prop-function/index.js b/fixtures/prop-function/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${ctx.escape(ctx.resolve('username').toUpperCase())}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/raw-with-quotes/index.js b/fixtures/raw-with-quotes/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'This is Susan\'s pet.';
+out += "This is Susan's pet.";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/safe-mustache-escaped/index.js b/fixtures/safe-mustache-escaped/index.js
@@ -3,8 +3,8 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
-out += '{{{ username }}}';
+out += "Hello ";
+out += "{{{ username }}}";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/fixtures/safe-mustache-interpol/index.js b/fixtures/safe-mustache-interpol/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${ctx.resolve('greeting')}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/safe-mustache/index.js b/fixtures/safe-mustache/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${'<p> World </p>'}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/sequence-expression/index.js b/fixtures/sequence-expression/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Hello ';
+out += "Hello ";
 out += `${ctx.escape((true, false))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/unary-expression/index.js b/fixtures/unary-expression/index.js
@@ -3,7 +3,7 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'Inspect ';
+out += "Inspect ";
 out += `${ctx.escape(typeof ctx.resolve('username'))}`;
 } catch (error) {
 ctx.reThrow(error);

diff --git a/fixtures/with-backticks/index.js b/fixtures/with-backticks/index.js
@@ -3,9 +3,9 @@ let out = '';
 ctx.$lineNumber = 1;
 ctx.$filename = '{{ __dirname }}index.edge';
 try {
-out += 'This is ';
+out += "This is ";
 out += `${ctx.escape(ctx.resolve('username'))}`;
-out += '\'s `pet`.';
+out += "'s `pet`.";
 } catch (error) {
 ctx.reThrow(error);
 }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -32,7 +32,8 @@
     "acorn": "^7.1.1",
     "astring": "^1.4.3",
     "edge-error": "^1.0.4",
-    "edge-lexer": "^2.1.0"
+    "edge-lexer": "^2.1.0",
+    "js-stringify": "^1.0.2"
   },
   "devDependencies": {
     "@adonisjs/mrm-preset": "^2.2.4",

diff --git a/src/EdgeBuffer/index.ts b/src/EdgeBuffer/index.ts
@@ -8,6 +8,7 @@
 */
 
 import { EOL } from 'os'
+import stringify from 'js-stringify'
 
 /**
  * Buffer class to construct template
@@ -148,8 +149,7 @@ export class EdgeBuffer {
    * Write raw text to the output variable
    */
   public outputRaw (text: string) {
-    text = text.replace(/[']/g, '\\\'')
-    this.buffer.push(`${this.options.outputVar} += '${text}';`)
+    this.buffer.push(`${this.options.outputVar} += ${stringify(text)};`)
   }
 
   /**

diff --git a/src/Parser/index.ts b/src/Parser/index.ts
@@ -137,7 +137,7 @@ export class Parser {
         buffer.outputRaw(token.value)
         break
       case 'newline':
-        buffer.outputRaw(EOL === '\n' ? '\\n' : '\\r\\n')
+        buffer.outputRaw(EOL === '\n' ? '\n' : '\r\n')
         break
       case TagTypes.TAG:
         this.tags[token.properties.name].compile(this, buffer, token as TagToken)

diff --git a/test/buffer.spec.ts b/test/buffer.spec.ts
@@ -41,7 +41,7 @@ test.group('Buffer', () => {
     ctx.$lineNumber = 1;
     ctx.$filename = 'eval.edge';
     try {
-    out += 'hello world';
+    out += "hello world";
     } catch (error) {
     ctx.reThrow(error);
     }
@@ -58,7 +58,7 @@ test.group('Buffer', () => {
     ctx.$lineNumber = 1;
     ctx.$filename = 'eval.edge';
     try {
-    out += '\\'hello world\\'';
+    out += "'hello world'";
     } catch (error) {
     ctx.reThrow(error);
     }
@@ -95,7 +95,7 @@ test.group('Buffer', () => {
     ctx.$filename = 'eval.edge';
     try {
     if (username) {
-    out += 'hello world';
+    out += "hello world";
     ctx.$lineNumber = 3;
     }
     } catch (error) {

diff --git a/test/fixtures.spec.ts b/test/fixtures.spec.ts
@@ -30,7 +30,7 @@ const tags = {
 
 function normalizeNewLines (value: string) {
   // eslint-disable-next-line @typescript-eslint/quotes
-  return value.replace(/out\s\+=\s'\\n'/, `out += ${EOL === '\n' ? `'\\n'` : `'\\r\\n'`}`)
+  return value.replace(/out\s\+=\s"\\n"/g, `out += ${EOL === '\n' ? `"\\n"` : `"\\r\\n"`}`)
 }
 
 test.group('Fixtures', () => {