[PATCH STABLE] templater: catch parsing error for sub

Matt Mackall mpm at selenic.com
Mon May 13 17:34:57 CDT 2013


On Mon, 2013-05-13 at 12:46 -0500, Sean Farley wrote:
> # HG changeset patch
> # User Sean Farley <sean.michael.farley at gmail.com>
> # Date 1368464142 18000
> #      Mon May 13 11:55:42 2013 -0500
> # Branch stable
> # Node ID 1e85222b91951651ea8f8fc3de1af4320a79bd7c
> # Parent  12dbdd348bb0977366200bf96cb6d2afa85faf13
> templater: catch parsing error for sub
> 
> This follows d8d548d868d3, which added template expansion for the sub function,
> to fix the case where the description contained a curly brace (i.e. not part of
> any template). This patch simply wraps the templater call into a try statement.
> 
> Test coverage has been added.

...

> -  $ hg tag -r 3 -m at3 -d '10 0' at3
> +  $ hg tag -r 3 -m 'at3 with {' -d '10 0' at3

> +Test the sub function of templating that doesn't throw an error:
> +
> +  $ hg log -R latesttag -r 10 --template '{sub("{", r"\{", desc)}\n'
> +  at3 with \{

Hmm, something is deeply wrong here. We should not be interpreting
commit messages as templates, ever. That's how you get XSS attacks.

In the earler patch you have:

+  $ hg log -R latesttag -r 10 --template '{sub("[0-9]", "x",
"{rev}")}\n'

That's great, that's a literal template. Expand away. But here we've
got:

+  $ hg log -R latesttag -r 10 --template '{sub("{", r"\{", desc)}\n'

..which suggests we're dereferencing the value of desc and expanding it
as a template, which is bad bad bad. Perhaps we need a helper function
that:

- looks at the arg
- if symbol, return its value
- if literal string, run the template and return as a string

-- 
Mathematics is the supreme nostalgia of our time.




More information about the Mercurial-devel mailing list