Merge pull request #21 from yahoo/expose-filePath-for-secure-handlebars

Expose filepath for secure-handlebars
YahooArchive · Jul 12, 2015 · 4982bb6 · 4982bb6
2 parents 3a6a9e3 + 915b2ce
commit 4982bb6
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "express-secure-handlebars",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "licenses": [
     {
       "type": "BSD",
@@ -38,8 +38,8 @@
   "dependencies": {
     "express-handlebars": "^2.0.1",
     "handlebars": "^3.0.3",
-    "secure-handlebars": "^1.1.0",
-    "xss-filters": "^1.2.2"
+    "secure-handlebars": "^1.1.1",
+    "xss-filters": "^1.2.4"
   },
   "devDependencies": {
     "expect.js": "^0.3.1",

diff --git a/src/express-secure-handlebars.js b/src/express-secure-handlebars.js
@@ -25,6 +25,15 @@ function ExpressSecureHandlebars(config) {
 /* inheriting the express-handlebars */
 util.inherits(ExpressSecureHandlebars, expressHandlebars);
 
+/* override ExpressHandlebars.render() to expose filePath as compilerOptions */
+ExpressSecureHandlebars.prototype.render = function (filePath, context, options) {
+    // expose filePath as processingFile in compilerOptions for secure-handlebars
+    this.compilerOptions || (this.compilerOptions = {});
+    this.compilerOptions.processingFile = filePath;
+
+    return expressHandlebars.prototype.render.call(this, filePath, context, options);
+};
+
 /* exporting the same signature of express-handlebars */
 exports = module.exports  = exphbs;
 exports.create            = create;

diff --git a/tests/unit/run-express-secure-handlebars.js b/tests/unit/run-express-secure-handlebars.js
@@ -11,6 +11,7 @@ Authors: Nera Liu <neraliu@yahoo-inc.com>
 
     require("mocha");
     var expect = require('expect.js'),
+        path = require('path'),
         expressHandlebars = require('express-handlebars'),
         expressSecureHandlebars = require('../../src/express-secure-handlebars.js'),
         handlebars = require('handlebars');
@@ -71,13 +72,22 @@ Authors: Nera Liu <neraliu@yahoo-inc.com>
             expect(t1(data)).to.be.equal(t2(data));
         });
 
-       it("handlebars compile test", function() {
+        it("handlebars compile test", function() {
             var template = '<a href="{{url}}">closed</a>';
             var t1 = expressSecureHandlebars.create().handlebars.compile(template);
             var t2 = expressHandlebars.create().handlebars.compile(template);
 
             expect(t1(data)).not.to.be.equal(t2(data));
         });
+
+        it("handlebars getTemplate test", function() {
+            var templateFile = path.resolve("views/yd.hbs");
+            var expSecureHbs = expressSecureHandlebars.create();
+            expSecureHbs.render(templateFile);
+            expect(expSecureHbs.compilerOptions).to.be.ok();
+            expect(expSecureHbs.compilerOptions.processingFile).to.be.ok();
+            expect(expSecureHbs.compilerOptions.processingFile).to.be.match(/yd\.hbs/);
+        });
     });
 
 }());