feat(render): add logic to enable variable injection escape

This commit is contained in:
Federico Terzi 2021-11-12 22:13:37 +01:00
parent 541c8d462c
commit 0387ba8118
2 changed files with 42 additions and 1 deletions

View File

@ -175,6 +175,8 @@ impl<'a> Renderer for DefaultRenderer<'a> {
template.body.clone() template.body.clone()
}; };
let body = util::unescape_variable_inections(&body);
// Process the casing style // Process the casing style
let body_with_casing = match options.casing_style { let body_with_casing = match options.casing_style {
CasingStyle::None => body, CasingStyle::None => body,
@ -810,6 +812,32 @@ mod tests {
assert!(matches!(res, RenderResult::Success(str) if str == "hello {{first}} two")); assert!(matches!(res, RenderResult::Success(str) if str == "hello {{first}} two"));
} }
#[test]
fn escaped_variable_injection() {
let renderer = get_renderer();
let mut template = template_for_str("hello {{second}}");
template.vars = vec![
Variable {
name: "first".to_string(),
var_type: "mock".to_string(),
params: Params::from_iter(vec![("echo".to_string(), Value::String("one".to_string()))]),
..Default::default()
},
Variable {
name: "second".to_string(),
var_type: "mock".to_string(),
params: Params::from_iter(vec![(
"echo".to_string(),
Value::String("\\{\\{first\\}\\} two".to_string()),
)]),
..Default::default()
},
];
let res = renderer.render(&template, &Default::default(), &Default::default());
assert!(matches!(res, RenderResult::Success(str) if str == "hello {{first}} two"));
}
#[test] #[test]
fn variable_injection_missing_var() { fn variable_injection_missing_var() {
let renderer = get_renderer(); let renderer = get_renderer();
@ -911,4 +939,12 @@ mod tests {
); );
assert!(matches!(res, RenderResult::Success(str) if str == "hello local")); assert!(matches!(res, RenderResult::Success(str) if str == "hello local"));
} }
#[test]
fn variable_escape() {
let renderer = get_renderer();
let template = template("hello \\{\\{var\\}\\}", &[("var", "world")]);
let res = renderer.render(&template, &Default::default(), &Default::default());
assert!(matches!(res, RenderResult::Success(str) if str == "hello {{var}}"));
}
} }

View File

@ -108,7 +108,12 @@ pub(crate) fn render_variables(body: &str, scope: &Scope) -> Result<String> {
return Err(error.into()); return Err(error.into());
} }
Ok(output) let unescaped_output = unescape_variable_inections(&output);
Ok(unescaped_output)
}
pub(crate) fn unescape_variable_inections(body: &str) -> String {
body.replace("\\{\\{", "{{").replace("\\}\\}", "}}")
} }
pub(crate) fn inject_variables_into_params(params: &Params, scope: &Scope) -> Result<Params> { pub(crate) fn inject_variables_into_params(params: &Params, scope: &Scope) -> Result<Params> {