From 6a3b33ecc15c2053403d659f62dd57c44fd38b52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 27 Oct 2023 20:59:00 +0200 Subject: [PATCH] Do not taint on |> var --- lib/phoenix_live_view/engine.ex | 7 +++++++ test/phoenix_live_view/engine_test.exs | 13 +++++++++++++ 2 files changed, 20 insertions(+) diff --git a/lib/phoenix_live_view/engine.ex b/lib/phoenix_live_view/engine.ex index b8905e070d..02afa5bb2f 100644 --- a/lib/phoenix_live_view/engine.ex +++ b/lib/phoenix_live_view/engine.ex @@ -1002,6 +1002,13 @@ defmodule Phoenix.LiveView.Engine do {expr, vars, assigns} end + # Ignore right side of |> if a variable + defp analyze({:|>, meta, [left, {_, _, context} = right]}, vars, assigns, caller) + when is_atom(context) do + {left, vars, assigns} = analyze(left, vars, assigns, caller) + {{:|>, meta, [left, right]}, vars, assigns} + end + # Ignore binary modifiers defp analyze({:"::", meta, [left, right]}, vars, assigns, caller) do {left, vars, assigns} = analyze(left, vars, assigns, caller) diff --git a/test/phoenix_live_view/engine_test.exs b/test/phoenix_live_view/engine_test.exs index fc1cd4051c..45dc4f2043 100644 --- a/test/phoenix_live_view/engine_test.exs +++ b/test/phoenix_live_view/engine_test.exs @@ -303,6 +303,19 @@ defmodule Phoenix.LiveView.EngineTest do assert changed(template, %{}, %{}) == ["3", "3"] end + test "does not render dynamic if it has variables on the right side of the pipe" do + template = "<%= @foo |> Kernel.+(@bar) |> is_integer %>" + assert changed(template, %{foo: 1, bar: 2}, nil) == ["true"] + assert changed(template, %{foo: 1, bar: 2}, %{}) == [nil] + assert changed(template, %{foo: 1, bar: 2}, %{foo: true}) == ["true"] + assert changed(template, %{foo: 1, bar: 2}, %{bar: true}) == ["true"] + + template = "<%= @foo |> is_integer |> is_boolean %>" + assert changed(template, %{foo: 1}, nil) == ["true"] + assert changed(template, %{foo: 1}, %{}) == [nil] + assert changed(template, %{foo: 1}, %{foo: true}) == ["true"] + end + test "does not render dynamic for special variables" do template = "<%= __MODULE__ %>" assert changed(template, %{}, nil) == [""]