apps/packages/handlebars/src/register-allowed-helpers.test.ts at b6a3867d77b0ed74cbdf0f400d65df2676cc8b45 · saleor/apps · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
import Handlebars from "handlebars";
import handlebarsHelpers from "handlebars-helpers";
import { beforeEach, describe, expect, it } from "vitest";

import { ALLOWED_HELPERS } from "./allowed-helpers";
import { registerAllowedHelpers } from "./register-allowed-helpers";

const allAllowedHelpers = Object.entries(ALLOWED_HELPERS).flatMap(([group, names]) =>
  names.map((name) => ({ group, name })),
);

describe("registerAllowedHelpers", () => {
  let hbs: typeof Handlebars;

  beforeEach(() => {
    hbs = Handlebars.create();
  });

  describe("registers each allowed helper", () => {
    it.each(allAllowedHelpers)(
      "registers $group helper: $name",
      ({ name }) => {
        registerAllowedHelpers(hbs, handlebarsHelpers);

        expect(hbs.helpers[name], `Expected helper "${name}" to be registered`).toBeDefined();
      },
    );
  });

  it("does not register helpers beyond the allow list", () => {
    registerAllowedHelpers(hbs, handlebarsHelpers);

    const builtInHelpers = new Set(Object.keys(Handlebars.create().helpers));
    const allowedNames = new Set(Object.values(ALLOWED_HELPERS).flat());

    const registeredCustomHelpers = Object.keys(hbs.helpers).filter(
      (name) => !builtInHelpers.has(name),
    );

    registeredCustomHelpers.forEach((name) => {
      expect(
        allowedNames.has(name),
        `Helper "${name}" was registered but is not in ALLOWED_HELPERS`,
      ).toBe(true);
    });
  });

  describe("removed groups are not loaded", () => {
    it.each(["fs", "logging", "markdown", "match"])(
      "does not include removed group: %s",
      (group) => {
        expect(
          ALLOWED_HELPERS[group],
          `Group "${group}" should not be in ALLOWED_HELPERS`,
        ).toBeUndefined();
      },
    );
  });

  describe("dangerous object helpers are not registered", () => {
    it.each(["extend", "merge"])(
      "does not register dangerous object helper: %s",
      (name) => {
        registerAllowedHelpers(hbs, handlebarsHelpers);

        expect(hbs.helpers[name], `Helper "${name}" should NOT be registered`).toBeUndefined();
      },
    );
  });

  describe("individually removed helpers are not registered", () => {
    it.each(["embed", "resolve"])(
      "does not register removed helper: %s",
      (name) => {
        registerAllowedHelpers(hbs, handlebarsHelpers);

        expect(hbs.helpers[name], `Helper "${name}" should NOT be registered`).toBeUndefined();
      },
    );
  });

  it("allows using comparison helpers in templates", () => {
    registerAllowedHelpers(hbs, handlebarsHelpers);

    const template = hbs.compile('{{#eq foo "bar"}}yes{{else}}no{{/eq}}');

    expect(template({ foo: "bar" })).toBe("yes");
    expect(template({ foo: "baz" })).toBe("no");
  });

  it("allows using string helpers in templates", () => {
    registerAllowedHelpers(hbs, handlebarsHelpers);

    const template = hbs.compile("{{uppercase name}}");

    expect(template({ name: "hello" })).toBe("HELLO");
  });

  it("allows using math helpers in templates", () => {
    registerAllowedHelpers(hbs, handlebarsHelpers);

    const template = hbs.compile("{{add a b}}");

    expect(template({ a: 1, b: 2 })).toBe("3");
  });

  it("throws when using a helper that was not registered", () => {
    const template = hbs.compile("{{unknownHelper foo}}");

    expect(() => template({ foo: "bar" })).toThrow();
  });
});