search

jupyterlab / extension-template

A `copier` template for JupyterLab extensions
Creative Commons Zero v1.0 Universal
54 stars 17 forks source link

Extension description from user input leads to broken `jlpm build` #48

Closed gplasky closed 10 months ago

gplasky commented 1 year ago

Description

Following the instructions in the extension tutorial, during the copier copy https://github.com/jupyterlab/extension-template . step, one is prompted to enter an extension description. If the user enters a single quote anywhere in the description (e.g. as an apostrophe), that will break the extension build when running pip install -ve . later in the instructions.

Reproduce

  1. Follow the extension tutorial
  2. Run copier as instructed.
  3. Add an extension description that includes a single quote (') anywhere within.
  4. Proceed through the instructions to the build step which has you run pip install -ve .
  5. Observe the following error during build:
INFO:hatch_jupyter_builder.utils:> /private/var/folders/yx/49ml7j3s7t31pwd25pyj6rb800n42n/T/pip-build-env-tcyq9c22/overlay/bin/jlpm run install:extension
  src/index.ts(11,59): error TS1005: ',' expected.

Inspecting src/index.ts at the given line number and character reveals the single quote breaking the description k:v pair.

Expected behavior

Single quotes provided by user in the description (or any user-submitted text) should either be escaped or stripped.

Context

welcome[bot] commented 1 year ago

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. welcome You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

fcollonval commented 11 months ago

Thanks for reaching out @gplasky

Would you be willing to open a PR to fix that?

Technically what need to be done is probably to change the code in the following two places:

https://github.com/jupyterlab/extension-template/blob/fcd01842647ba08a29512c940010b4938ba65600/template/package.json.jinja#L4

Should become

"description": "{{ project_short_description | replace('"', '\\"') }}"

https://github.com/jupyterlab/extension-template/blob/fcd01842647ba08a29512c940010b4938ba65600/template/src/index.ts.jinja#L17

 description: '{{ project_short_description | replace("'", "\\'") }}',