Extra 'is object' test required

groue / GRMustache

Flexible and production-ready Mustache templates for MacOS Cocoa and iOS

http://mustache.github.com/

MIT License

1.44k stars 190 forks source link

Extra 'is object' test required #58

Closed jorisroling closed 11 years ago

jorisroling commented 11 years ago

In a stuation where the values sometime is

{
   person:"string"
}

and sometimes is

{ 
  person:{
    name: "string"
  }
}

putting this construct in a template

"The name is {{#person.name}}{{person.name}}{{^}}{{person}}{{/}}"

crashes GRMustache because the function +valueForKey:inObject: in GRMustacheContext.m assumes object is in fact a NSString.

And putting this at the beginning of the function will prevent the crash.

if ([object isKindOfClass:[NSString class]]) {
    return object;
}

Make sense?

Regeards, Joris

groue commented 11 years ago

Hi @jorisroling

I can't reproduce your problem.

GRMustacheVersion version = [GRMustache version];
NSLog(@"GRMustache %d.%d.%d", version.major, version.minor, version.patch);

NSString *templateString = @"The name is {{#person.name}}{{person.name}}{{^}}{{person}}{{/}}";
GRMustacheTemplate *template = [GRMustacheTemplate templateFromString:templateString error:NULL];

id data1 = @{ @"person": @"string" };
id data2 = @{ @"person": @{ @"name": @"string" } };
NSString *rendering1 = [template renderObject:data1 error:NULL];
NSString *rendering2 = [template renderObject:data2 error:NULL];

NSLog(@"%@", rendering1);
NSLog(@"%@", rendering2);

What is your output of this program? I personnaly get the expected output, wihout any crash:

GRMustache 6.7.5
The name is string
The name is string

jorisroling commented 11 years ago

Thanks for your swift reply.

Your program does not actually crash, but it does throw an exception (see image) screen shot 2013-08-01 at 14 31 53

I have an Symbolic Breakpoint on objc_exception_throw which made me think it was an actual crash.

Even so... should the exception (by NSObject) not be prevented? It happens because you treat an NSString as an NSDictionary with:

[object valueForKey:key]

Cheers, Joris

groue commented 11 years ago

OK, now I get it. You suffer from "NSUndefinedKeyException attack", a classic problem that occurs when GRMustache has to try several objects until it finds the one that provides a particular key.

Fortunately, there is a solution :smile::

https://github.com/groue/GRMustache/blob/master/Guides/runtime.md#nsundefinedkeyexception-prevention

jorisroling commented 11 years ago

Thanks a lot! That solved the issue.

Cheers, Joris

On Aug 1, 2013, at 15:10, Gwendal Roué notifications@github.com wrote:

OK, now I get it. You suffer from "NSUndefinedKeyException attack", a classic problem that occurs when GRMustache has to try several objects until it finds the one that provides a particular key.

Fortunately, there is a solution :

https://github.com/groue/GRMustache/blob/master/Guides/runtime.md#nsundefinedkeyexception-prevention

— Reply to this email directly or view it on GitHub.

groue commented 11 years ago

Great! Happy Mustache, Joris!