Closed realcorvus closed 1 year ago
houllette
commented
1 year ago Nice add, @realcorvus! Will review ASAP and merge in.
I ran into a problem where this branch (master) does not run locally, it just prints the current version of Sobelow and exits.
Good catch, working on a hot-fix now - I'm surprised mix tests didn't pick it up when I threw it in. Another reason why more robust testing is on my immediate roadmap.
realcorvus
commented
1 year ago I just realized there's an issue with the String.replace logic:
String.replace(template_path, "eex", "heex")
iex(1)> template_path = "/Users/hi/lib/test/veryeextreme/show.html.eex"
"/Users/hi/lib/test/veryeextreme/show.html.eex"
iex(2)> String.replace(template_path, "eex", "heex")
"/Users/hi/lib/test/veryheextreme/show.html.heex"
iex(3)> The proper way to do this is by the last three characters of the template_path, will update now.
houllette
commented
1 year ago I had a chance to review and it's looking pretty good!
Something else I figured I should bring up before merging this in - should we be considering the implications of LiveEEx template files (.leex) as well as .heex as part of this PR?
houllette
commented
1 year ago After some external discussion, support for .leex templates will be introduced at a later point in time as a more concerted effort to better support LiveView in Sobelow.
Today, if you're using
HEExfor templates in Phoenix, and have an XSS vulnerability, Sobelow will not detect it. Tested in https://github.com/securityelixir/potion_shopThis branch:
When testing this PR, I ran into a problem where this branch (master) does not run locally, it just prints the current version of Sobelow and exits. To get it running again, go to
lib/mix/tasks/sobelow.ex,line 185and comment out: