nprapps / interactive-template

A Node-based template for starting news apps and interactive pages
MIT License

String fed to template wizard is not escaped before insertion in `package.json`, causes error #9

Closed benlk closed 5 years ago

benlk commented 5 years ago

Example run:

```
$ grunt-init interactive
Running "init:interactive" (init) task
This task will create one or more files in the current directory, based on the
environment and the answers to a few questions. Note that answering "?" to any
question will show question-specific help and answering "none" to most questions
will leave its value blank.

Please answer the following:
[?] Author name (Ben Keith) Ben Keith
[?] app_name (example) example
[?] app_description A string with "quoted title"
[?] github_repo (nprapps/rmpbs) benlk/example
[?] Do you need to make any changes to the above before continuing? (y/N) n
```

Which ends as:

```
Installing Node modules...
npm ERR! file /Users/blk/inn/project-notes/rmpbs/package.json
npm ERR! code EJSONPARSE
npm ERR! JSON.parse Failed to parse json
npm ERR! JSON.parse Unexpected token B in JSON at position 77 while parsing near '...ocky Mountain PBS' "Beyond Columbine"",
npm ERR! JSON.parse ...'
npm ERR! JSON.parse Failed to parse package.json data.
npm ERR! JSON.parse package.json must be actual JSON, not just JavaScript.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/blk/.npm/_logs/2019-03-25T21_21_33_879Z-debug.log

Initialized from template "interactive".

Done, without errors.
```

package.json looks like this:

```
{
  "name": "example",
  "description": "A string with "quoted title"",
  "version": "0.0.1",
  "author": "Ben Keith",
  "repository": {
    "type": "git",
    "url": "https://github.com/benlk/example.git"
  },
  "dependencies": {
  },
  "browser": {
  },
  "browserify": {
  }
}
```

So:

thomaswilburn commented 5 years ago

Don't do that.

I can see checking the return code from the npm install, and I don't have a problem with a pull request to do that. But there's a limit on how much I want to try to second-guess grunt-init, and you're the first person in five years of pretty solid use to try to feed a quoted string to the generator.

benlk commented 5 years ago

That's an okay solution.
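
The failure reported in this issue, as an added example that is not part of the thread or of the interactive-template code: a hypothetical `{{key}}` placeholder renderer fills a `package.json` skeleton once with raw substitution and once with `JSON.stringify`, and `isValidJson` is the kind of check a generator can run on its output before calling `npm install`. The template strings, function names and sample answers are constructed for illustration.

```javascript
// Added example: hypothetical stand-in for a template that fills package.json.
// renderNaive, renderEscaped, isValidJson and both template strings are
// illustrative names, not code from interactive-template or grunt-init.

// Naive form: the raw answer is pasted between quotes written in the template.
const NAIVE_TEMPLATE = `{
  "name": "{{app_name}}",
  "description": "{{app_description}}"
}`;

// Escaped form: each placeholder stands for a complete JSON string literal.
const ESCAPED_TEMPLATE = `{
  "name": {{app_name}},
  "description": {{app_description}}
}`;

const PLACEHOLDER = /\{\{(\w+)\}\}/g;

function renderNaive(answers) {
  // A function replacement is used so "$&"-style sequences in answers stay literal.
  return NAIVE_TEMPLATE.replace(PLACEHOLDER, (_, key) => String(answers[key] ?? ""));
}

function renderEscaped(answers) {
  // JSON.stringify adds the surrounding quotes and escapes ", \ and control characters.
  return ESCAPED_TEMPLATE.replace(PLACEHOLDER, (_, key) =>
    JSON.stringify(String(answers[key] ?? "")));
}

// Validation to run on generated text before handing the file to npm.
function isValidJson(text) {
  try {
    JSON.parse(text);
    return true;
  } catch {
    return false;
  }
}

// Constructed input mirroring the answers given in the example run above.
const answers = { app_name: "example", app_description: 'A string with "quoted title"' };

const naive = renderNaive(answers);
const escaped = renderEscaped(answers);

console.log("naive output parses:  ", isValidJson(naive));
console.log("escaped output parses:", isValidJson(escaped));
console.log("description round-trips as:", JSON.parse(escaped).description);
```
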