Skip to content

Commit

Permalink
fix: ensure template names are valid identifiers (#3438)
Browse files Browse the repository at this point in the history
  • Loading branch information
ForbesLindesay authored May 24, 2024
1 parent 4767caf commit 32acfe8
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions packages/pug-code-gen/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,10 @@ function toConstant(src) {
return constantinople.toConstant(src, {pug: runtime, pug_interp: undefined});
}

function isIdentifier(name) {
return /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(name);
}

/**
* Initialize `Compiler` with the given `node`.
*
Expand All @@ -62,6 +66,23 @@ function Compiler(node, options) {
'The pretty parameter should either be a boolean or whitespace only string'
);
}
if (this.options.templateName && !isIdentifier(this.options.templateName)) {
throw new Error(
'The templateName parameter must be a valid JavaScript identifier if specified.'
);
}
if (
this.doctype &&
(this.doctype.includes('<') || this.doctype.includes('>'))
) {
throw new Error('Doctype can not contain "<" or ">"');
}
if (this.options.globals && !this.options.globals.every(isIdentifier)) {
throw new Error(
'The globals option must be an array of valid JavaScript identifiers if specified.'
);
}

this.debug = false !== options.compileDebug;
this.indents = 0;
this.parentIndents = 0;
Expand Down Expand Up @@ -167,6 +188,7 @@ Compiler.prototype = {
');' +
'}';
}

return (
buildRuntime(this.runtimeFunctionsUsed) +
'function ' +
Expand Down

0 comments on commit 32acfe8

Please sign in to comment.