@jsreport/jsreport-core 4.3.0 → 4.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md
CHANGED
|
@@ -282,6 +282,10 @@ jsreport.documentStore.collection('templates')
|
|
|
282
282
|
|
|
283
283
|
## Changelog
|
|
284
284
|
|
|
285
|
+
### 4.3.1
|
|
286
|
+
|
|
287
|
+
- fix `waitForAsyncHelper`, `waitForAsyncHelpers` not working with trustUserCode: true
|
|
288
|
+
|
|
285
289
|
### 4.3.0
|
|
286
290
|
|
|
287
291
|
- expose safe properties of `req.context.user` in sandbox
|
|
@@ -14,7 +14,7 @@ module.exports = (reporter) => {
|
|
|
14
14
|
|
|
15
15
|
reporter.templatingEngines = { cache: templatesCache }
|
|
16
16
|
|
|
17
|
-
const contextExecutionChainMap = new
|
|
17
|
+
const contextExecutionChainMap = new Map()
|
|
18
18
|
const executionFnParsedParamsMap = new Map()
|
|
19
19
|
const executionAsyncResultsMap = new Map()
|
|
20
20
|
const executionAsyncCallChainMap = new Map()
|
|
@@ -69,7 +69,7 @@ module.exports = (reporter) => {
|
|
|
69
69
|
return templatingEnginesEvaluate(false, executionInfo, entityInfo, req)
|
|
70
70
|
},
|
|
71
71
|
waitForAsyncHelper: async (maybeAsyncContent) => {
|
|
72
|
-
const executionChain = contextExecutionChainMap.get(context) || []
|
|
72
|
+
const executionChain = contextExecutionChainMap.get(context.__sandboxId) || []
|
|
73
73
|
const executionId = executionChain[executionChain.length - 1]
|
|
74
74
|
|
|
75
75
|
if (
|
|
@@ -99,7 +99,7 @@ module.exports = (reporter) => {
|
|
|
99
99
|
return content
|
|
100
100
|
},
|
|
101
101
|
waitForAsyncHelpers: async () => {
|
|
102
|
-
const executionChain = contextExecutionChainMap.get(context) || []
|
|
102
|
+
const executionChain = contextExecutionChainMap.get(context.__sandboxId) || []
|
|
103
103
|
const executionId = executionChain[executionChain.length - 1]
|
|
104
104
|
|
|
105
105
|
if (executionId != null && executionAsyncResultsMap.has(executionId)) {
|
|
@@ -115,7 +115,7 @@ module.exports = (reporter) => {
|
|
|
115
115
|
}
|
|
116
116
|
},
|
|
117
117
|
addFinishListener: (fn) => {
|
|
118
|
-
const executionChain = contextExecutionChainMap.get(context) || []
|
|
118
|
+
const executionChain = contextExecutionChainMap.get(context.__sandboxId) || []
|
|
119
119
|
const executionId = executionChain[executionChain.length - 1]
|
|
120
120
|
|
|
121
121
|
if (executionId && executionFinishListenersMap.has(executionId)) {
|
|
@@ -123,7 +123,7 @@ module.exports = (reporter) => {
|
|
|
123
123
|
}
|
|
124
124
|
},
|
|
125
125
|
createAsyncHelperResult: (v) => {
|
|
126
|
-
const executionChain = contextExecutionChainMap.get(context) || []
|
|
126
|
+
const executionChain = contextExecutionChainMap.get(context.__sandboxId) || []
|
|
127
127
|
const executionId = executionChain[executionChain.length - 1]
|
|
128
128
|
|
|
129
129
|
const asyncResultMap = executionAsyncResultsMap.get(executionId)
|
|
@@ -170,6 +170,7 @@ module.exports = (reporter) => {
|
|
|
170
170
|
|
|
171
171
|
const normalizedHelpers = `${helpers || ''}`
|
|
172
172
|
const executionFnParsedParamsKey = `entity:${entity.shortid || 'anonymous'}:helpers:${normalizedHelpers}`
|
|
173
|
+
let sandboxId
|
|
173
174
|
|
|
174
175
|
const initFn = async (getTopLevelFunctions, compileScript) => {
|
|
175
176
|
if (systemHelpersCache != null) {
|
|
@@ -213,14 +214,15 @@ module.exports = (reporter) => {
|
|
|
213
214
|
}
|
|
214
215
|
|
|
215
216
|
const executionFn = async ({ require, console, topLevelFunctions, context }) => {
|
|
217
|
+
sandboxId = context.__sandboxId
|
|
216
218
|
const asyncResultMap = new Map()
|
|
217
219
|
const asyncCallChainSet = new Set()
|
|
218
220
|
|
|
219
|
-
if (!contextExecutionChainMap.has(
|
|
220
|
-
contextExecutionChainMap.set(
|
|
221
|
+
if (!contextExecutionChainMap.has(sandboxId)) {
|
|
222
|
+
contextExecutionChainMap.set(sandboxId, [])
|
|
221
223
|
}
|
|
222
224
|
|
|
223
|
-
contextExecutionChainMap.get(
|
|
225
|
+
contextExecutionChainMap.get(sandboxId).push(executionId)
|
|
224
226
|
|
|
225
227
|
executionAsyncResultsMap.set(executionId, asyncResultMap)
|
|
226
228
|
executionAsyncCallChainMap.set(executionId, asyncCallChainSet)
|
|
@@ -302,7 +304,7 @@ module.exports = (reporter) => {
|
|
|
302
304
|
|
|
303
305
|
await executionFinishListenersMap.get(executionId).fire()
|
|
304
306
|
|
|
305
|
-
contextExecutionChainMap.set(
|
|
307
|
+
contextExecutionChainMap.set(sandboxId, contextExecutionChainMap.get(sandboxId).filter((id) => id !== executionId))
|
|
306
308
|
|
|
307
309
|
return {
|
|
308
310
|
// handlebars escapes single brackets before execution to prevent errors on {#asset}
|
|
@@ -387,6 +389,10 @@ module.exports = (reporter) => {
|
|
|
387
389
|
}
|
|
388
390
|
|
|
389
391
|
throw newError
|
|
392
|
+
} finally {
|
|
393
|
+
if (sandboxId != null) {
|
|
394
|
+
contextExecutionChainMap.delete(sandboxId)
|
|
395
|
+
}
|
|
390
396
|
}
|
|
391
397
|
}
|
|
392
398
|
|
|
@@ -25,6 +25,9 @@ module.exports = function createRunInSandbox (reporter) {
|
|
|
25
25
|
// it may turn out it is a bad approach in assets so we gonna delete it here
|
|
26
26
|
const executionFnName = `${nanoid()}_executionFn`
|
|
27
27
|
|
|
28
|
+
// creating new id different than execution to ensure user code can not get access to
|
|
29
|
+
// internal functions by using the __sandboxId
|
|
30
|
+
context.__sandboxId = nanoid()
|
|
28
31
|
context[executionFnName] = executionFn
|
|
29
32
|
context.__appDirectory = reporter.options.appDirectory
|
|
30
33
|
context.__rootDirectory = reporter.options.rootDirectory
|