Fix tags in comment #1345
Fix tags in comment #1345
Conversation
lib/liquid/block_body.rb
Outdated
| @@ -5,7 +5,7 @@ | |||
| module Liquid | |||
| class BlockBody | |||
| LiquidTagToken = /\A\s*(\w+)\s*(.*?)\z/o | |||
| FullToken = /\A#{TagStart}#{WhitespaceControl}?(\s*)(\w+)(\s*)(.*?)#{WhitespaceControl}?#{TagEnd}\z/om | |||
| FullToken = /\A#{TagStart}#{WhitespaceControl}?(\s*)(\S*)(\s*)(.*?)#{WhitespaceControl}?#{TagEnd}\z/om | |||
There was a problem hiding this comment.
This doesn't match the behaviour of liquid-c (https://github.com/Shopify/liquid-c/blob/8a9a0498efbe7566b576d3e1eed8310c84587429/ext/liquid_c/block.c#L157-L166). It looks like the difference is that liquid-c yields the markup as an unknown tag, which the comment tag can then ignore.
There was a problem hiding this comment.
I updated it to yield instead to behave like liquid-c.
peterzhu2118
force-pushed
the
pz-fix-tags-in-comment
branch
from
8ecdc0f
to
d1a08ea
Compare
| @@ -114,7 +114,7 @@ def self.rescue_render_node(context, output, line_number, exc, blank_tag) | |||
| when token.start_with?(TAGSTART) | |||
| whitespace_handler(token, parse_context) | |||
| unless token =~ FullToken | |||
| BlockBody.raise_missing_tag_terminator(token, parse_context) | |||
There was a problem hiding this comment.
liquid-c still calls this if the invalid tag token isn't terminated with %}.
There was a problem hiding this comment.
That is true. Should we just change liquid-c to be consistent with liquid (and call BlockBody.raise_missing_tag_terminator instead of yield)? Should we also change how comments are handled because I think everything inside a comment block should be escaped?
There was a problem hiding this comment.
This doesn't have to be one or the other. We can just check for if token.end_with?('%}') to only call BlockBody.raise_missing_tag_terminator only if the tag terminator is actually missing, which avoids breaking backwards compatibility with liquid templates and provides the more appropriate error message.
Should we also change how comments are handled because I think everything inside a comment block should be escaped?
We have explicitly allowed tags with an invalid tag name (#256) so it seems very likely that this is relied upon.
There was a problem hiding this comment.
But the problem is that for a tag that looks like {% comment %}{% " %}{% endcomment %} is not matched on FullToken (and token.end_with?('%}') is true for {% " %}) in liquid so BlockBody.raise_missing_tag_terminator is called. But in liquid-c, it's yielded back to the caller (from the part you linked in the comment above).
There was a problem hiding this comment.
Exactly, so you want to fix that problem, but not introduce another inconsistency when the tag terminator is actually missing. That's why I am recommending adding an if token.end_with?('%}') conditional here.
For example, Liquid::Template.parse('{% foo') should result in the syntax error Liquid syntax error: Tag '{%' was not properly terminated with regexp: /\%\}/ and not Liquid syntax error: Unknown tag '{%' as the current change would change it to without liquid-c. We could also use a test for the error messages for in this case, rather than just asserting that it results in a syntax error.
There was a problem hiding this comment.
An I see, that makes sense. Thanks for clarifying!
peterzhu2118
force-pushed
the
pz-fix-tags-in-comment
branch
from
897ebeb
to
f621dd8
Compare
peterzhu2118
force-pushed
the
pz-fix-tags-in-comment
branch
from
f621dd8
to
2c0c672
Compare
peterzhu2118
force-pushed
the
pz-fix-tags-in-comment
branch
from
2c0c672
to
abed475
Compare
AFL caught a case where Liquid tags in comments were not treated as plain text. The problem is that tags like
{%%}do not match onFullTokenso we get parsing errors like: