Skip to content

Commit

Permalink
Sanitize filename for display
Browse files Browse the repository at this point in the history
  • Loading branch information
@mde
mde committed Feb 6, 2021
1 parent 289b0dc commit abaee2b
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions lib/ejs.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -578,6 +578,8 @@ Template.prototype = {
var escapeFn = opts.escapeFunction;
/** @type {FunctionConstructor} */
var ctor;
/** @type {string} */
var sanitizedFilename = opts.filename ? JSON.stringify(opts.filename) : 'undefined';

if (!this.source) {
this.generateSource();
Expand Down Expand Up @@ -609,8 +611,7 @@ Template.prototype = {
if (opts.compileDebug) {
src = 'var __line = 1' + '\n'
+ ' , __lines = ' + JSON.stringify(this.templateText) + '\n'
+ ' , __filename = ' + (opts.filename ?
JSON.stringify(opts.filename) : 'undefined') + ';' + '\n'
+ ' , __filename = ' + sanitizedFilename + ';' + '\n'
+ 'try {' + '\n'
+ this.source
+ '} catch (e) {' + '\n'
Expand All @@ -636,7 +637,7 @@ Template.prototype = {
}
if (opts.compileDebug && opts.filename) {
src = src + '\n'
+ '//# sourceURL=' + opts.filename + '\n';
+ '//# sourceURL=' + sanitizedFilename + '\n';

This comment has been minimized.

Sign in to view

Copy link
@ExE-Boss

ExE-Boss Feb 6, 2021
edited

Collaborator

This should be using:

'//# sourceURL=' + encodeURI(opts.filename) + '\n'

This is because sourceURL expects an unquoted URI.
}

try {
Expand Down

0 comments on commit abaee2b

Please sign in to comment.