change reporting usage of handlebars to @kbn/handlebars#217778
Merged
pmuellr merged 5 commits intoelastic:mainfrom Apr 29, 2025
Merged
change reporting usage of handlebars to @kbn/handlebars#217778pmuellr merged 5 commits intoelastic:mainfrom
handlebars to @kbn/handlebars#217778pmuellr merged 5 commits intoelastic:mainfrom
Conversation
pmuellr
added
Team:ResponseOps
Contributor
|
Pinging @elastic/response-ops (Team:ResponseOps) |
pmuellr
added
backport:all-open
azasypkin
reviewed
Apr 10, 2025
| async function compileTemplate<T>(pathToTemplate: string): Promise<TemplateDelegate<T>> { | ||
| const contentsBuffer = await fs.readFile(pathToTemplate); | ||
| return Handlebars.compile(contentsBuffer.toString()); | ||
| return Handlebars.compileAST(contentsBuffer.toString()); |
Contributor
There was a problem hiding this comment.
question: can we limit helpers in this context?
return Handlebars.compileAST(contentsBuffer.toString(), { knownHelpersOnly: true });and maybe even?
return Handlebars.compileAST(contentsBuffer.toString(), { knownHelpers: { set all not needed built-in helpers to `false`}, knownHelpersOnly: true });
Contributor
Author
There was a problem hiding this comment.
I suspect we can, since the HB usage here is pretty simple. Simple variable usage, and and #if block/section.
I'm unfamiliar with these options though, so ... any advice?
Contributor
Author
There was a problem hiding this comment.
Just committed this - 69dd2d7 - locking down everything but #if - and it seems to do everything correctly.
Contributor
Author
|
I tested PNG, PDF, and PDF "for print" - there's a problem with PDF "for print" which I suspect is unrelated. (it is a known problem: https://github.com/elastic/response-ops-team/issues/310 ) The other two, the titles work fine, and for PDF setting the footer image in Advanced Settings works fine - renders the image and the "Powered by Elastic" copy. |
pmuellr
added
ci:project-deploy-elasticsearch
Contributor
Author
|
/ci |
pmuellr
removed
the
ci:project-deploy-elasticsearch
Contributor
Author
|
@elasticmachine merge upstream |
azasypkin
approved these changes
Apr 15, 2025
Contributor
azasypkin
left a comment
azasypkin
left a comment
There was a problem hiding this comment.
Looks good from a security perspective, thanks for tightening down Handlebars compile options!
tsullivan
approved these changes
Apr 15, 2025
Member
tsullivan
left a comment
tsullivan
left a comment
There was a problem hiding this comment.
LGTM
Tested the code using a Docker container, no regressions.
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
|
Contributor
|
Starting backport for target branches: 7.17, 8.17, 8.18, 8.19, 9.0 https://github.com/elastic/kibana/actions/runs/14730841139 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Apr 29, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports. (cherry picked from commit 3b5e96a)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Apr 29, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports. (cherry picked from commit 3b5e96a)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Apr 29, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports. (cherry picked from commit 3b5e96a)
Contributor
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
pmuellr
added a commit
to pmuellr/kibana
that referenced
this pull request
Apr 29, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports. (cherry picked from commit 3b5e96a) # Conflicts: # x-pack/plugins/screenshotting/server/browsers/chromium/templates/index.test.ts
pmuellr
added a commit
to pmuellr/kibana
that referenced
this pull request
Apr 29, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports. (cherry picked from commit 3b5e96a) # Conflicts: # x-pack/platform/plugins/shared/screenshotting/server/browsers/chromium/templates/index.ts # x-pack/platform/plugins/shared/screenshotting/tsconfig.json
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Apr 29, 2025
…217778) (#219527) # Backport This will backport the following commits from `main` to `8.19`: - [change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)](#217778) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Patrick Mueller","email":"patrick.mueller@elastic.co"},"sourceCommit":{"committedDate":"2025-04-29T12:08:28Z","message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","backport:all-open","ci:cloud-deploy","Feature:Reporting:Framework","Feature:Reporting:Screenshot","v9.1.0"],"title":"change reporting usage of `handlebars` to `@kbn/handlebars`","number":217778,"url":"https://github.com/elastic/kibana/pull/217778","mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/217778","number":217778,"mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}}]}] BACKPORT--> Co-authored-by: Patrick Mueller <patrick.mueller@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Apr 29, 2025
…17778) (#219528) # Backport This will backport the following commits from `main` to `9.0`: - [change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)](#217778) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Patrick Mueller","email":"patrick.mueller@elastic.co"},"sourceCommit":{"committedDate":"2025-04-29T12:08:28Z","message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","backport:all-open","ci:cloud-deploy","Feature:Reporting:Framework","Feature:Reporting:Screenshot","v9.1.0"],"title":"change reporting usage of `handlebars` to `@kbn/handlebars`","number":217778,"url":"https://github.com/elastic/kibana/pull/217778","mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/217778","number":217778,"mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}}]}] BACKPORT--> Co-authored-by: Patrick Mueller <patrick.mueller@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Apr 29, 2025
…217778) (#219526) # Backport This will backport the following commits from `main` to `8.18`: - [change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)](#217778) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Patrick Mueller","email":"patrick.mueller@elastic.co"},"sourceCommit":{"committedDate":"2025-04-29T12:08:28Z","message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","backport:all-open","ci:cloud-deploy","Feature:Reporting:Framework","Feature:Reporting:Screenshot","v9.1.0"],"title":"change reporting usage of `handlebars` to `@kbn/handlebars`","number":217778,"url":"https://github.com/elastic/kibana/pull/217778","mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/217778","number":217778,"mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}}]}] BACKPORT--> Co-authored-by: Patrick Mueller <patrick.mueller@elastic.co>
pmuellr
added a commit
that referenced
this pull request
Apr 29, 2025
…217778) (#219543) # Backport This will backport the following commits from `main` to `8.17`: - [change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)](#217778) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Patrick Mueller","email":"patrick.mueller@elastic.co"},"sourceCommit":{"committedDate":"2025-04-29T12:08:28Z","message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","backport:all-open","ci:cloud-deploy","Feature:Reporting:Framework","Feature:Reporting:Screenshot","v9.1.0"],"title":"change reporting usage of `handlebars` to `@kbn/handlebars`","number":217778,"url":"https://github.com/elastic/kibana/pull/217778","mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/217778","number":217778,"mergeCommit":{"message":"change reporting usage of `handlebars` to `@kbn/handlebars` (#217778)\n\nChange reporting's usage of `handlebars` to `@kbn/handlebars`. Also\nadded a test to ensure user input is HTML escaped (it always has been,\nthis just tests it).\n\nThere should be no change to the final rendered output, at all. These\nchanges only affect PDF and PNG reports, not CSV reports.","sha":"3b5e96a4b8dc3d2741de658ea9ad7981617fe3db"}},{"url":"https://github.com/elastic/kibana/pull/219526","number":219526,"branch":"8.18","state":"OPEN"},{"url":"https://github.com/elastic/kibana/pull/219527","number":219527,"branch":"8.19","state":"OPEN"},{"url":"https://github.com/elastic/kibana/pull/219528","number":219528,"branch":"9.0","state":"OPEN"}]}] BACKPORT-->
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
Apr 30, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports.
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
May 29, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports.
legrego
pushed a commit
to legrego/kibana
that referenced
this pull request
Jun 11, 2025
…217778) Change reporting's usage of `handlebars` to `@kbn/handlebars`. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it). There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Change reporting's usage of
handlebarsto@kbn/handlebars. Also added a test to ensure user input is HTML escaped (it always has been, this just tests it).There should be no change to the final rendered output, at all. These changes only affect PDF and PNG reports, not CSV reports.
Checklist
Check the PR satisfies following conditions.
Powered by Elasticbeneath itPowered by Elasticwill not be rendered.Reviewers should verify this PR satisfies this list as well.