fix(gatsby-plugin-mdx): Do not leak frontmatter into page (#35859)
Showing
15 changed files
with
260 additions
and
71 deletions.
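--- a/e2e-tests/mdx-less-babel/cypress/integration/frontmatter.js
+++ b/e2e-tests/mdx-less-babel/cypress/integration/frontmatter.js
@@ -0,0 +1,91 @@
+const page = {
+js: `/frontmatter-js`,
+javascript: `/frontmatter-javascript`,
+yaml: `/frontmatter-yaml`,
+json: `/frontmatter-json`,
+graphqlQuery: `/frontmatter-graphql-query`,
+}
+
+// Attribute selector for element we assert against in pages
+const selector = `[data-cy="frontmatter"]`
+
+// Strings used for frontmatter titles
+const titles = {
+notParsed: `I should not be parsed`,
+parsed: `I am parsed`,
+}
+
+// Frontmatter that should not be rendered
+const otherKey = `Some other key`
+
+describe(`webpack loader`, () => {
+describe(`---yaml frontmatter`, () => {
+beforeEach(() => {
+cy.visit(page.yaml).waitForRouteChange()
+})
+
+it(`should parse`, () => {
+cy.get(selector).invoke(`text`).should(`eq`, titles.parsed)
+})
+
+it(`should not leak into the page`, () => {
+cy.contains(otherKey).should(`not.exist`)
+})
+})
+
+describe(`---json frontmatter`, () => {
+beforeEach(() => {
+cy.visit(page.json).waitForRouteChange()
+})
+
+it(`should parse`, () => {
+cy.get(selector).invoke(`text`).should(`eq`, titles.parsed)
+})
+
+it(`should not leak into the page`, () => {
+cy.contains(otherKey).should(`not.exist`)
+})
+})
+
+describe(`---js frontmatter`, () => {
+beforeEach(() => {
+cy.visit(page.js).waitForRouteChange()
+})
+
+it(`should parse`, () => {
+cy.get(selector).invoke(`text`).should(`eq`, `disabled`)
+})
+
+it(`should not leak into the page`, () => {
+cy.contains(otherKey).should(`not.exist`)
+})
+})
+
+describe(`---javascript frontmatter`, () => {
+beforeEach(() => {
+cy.visit(page.javascript).waitForRouteChange()
+})
+
+it(`should parse`, () => {
+cy.get(selector).invoke(`text`).should(`eq`, `disabled`)
+})
+
+it(`should not leak into the page`, () => {
+cy.contains(otherKey).should(`not.exist`)
+})
+})
+})
+
+describe(`data layer`, () => {
+it(`---js or ---javascript frontmatter should not parse by default`, () => {
+cy.visit(page.graphqlQuery).waitForRouteChange()
+cy.contains(titles.notParsed).should(`not.exist`)
+})
+})
+
+it(`---js and ---javascript frontmatter should not allow remote code execution`, () => {
+cy.readFile(`cypress/fixtures/file-to-attempt-rce-on.txt`).should(
+`eq`,
+`Nothing here, do not remove`
+)
+})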
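Review bot: The closing test (`---js and ---javascript frontmatter should not allow remote code execution`) only asserts that `cypress/fixtures/file-to-attempt-rce-on.txt` still reads `Nothing here, do not remove`, so it also passes when the js-frontmatter fixture was never built or its target path drifted; an untouched canary on its own does not show the engine stayed off. The test sits outside both `describe` blocks and visits no page, so nothing in it ties the canary to the js pages. I would couple them by opening the test with `cy.visit(page.js).waitForRouteChange()` and ``cy.get(selector).invoke(`text`).should(`eq`, `disabled`)`` before the `cy.readFile(...)` call. The fixture that carries the frontmatter is not part of this section, so that coupling is inferred from the spec alone. The same spec is listed a second time further down this page and the point applies there as well.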
29 changes: 0 additions & 29 deletions
29
e2e-tests/mdx-less-babel/cypress/integration/js-frontmatter.js
This file was deleted.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
---json | ||
{ "title": "I am parsed", "otherKey": "Some other key" } | ||
|
||
--- | ||
|
||
<h1>A page with JSON frontmatter</h1> | ||
|
||
<span data-cy="frontmatter">{props.pageContext.frontmatter?.title}</span> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
---yaml | ||
title: I am parsed | ||
otherKey: Some other key | ||
|
||
--- | ||
|
||
<h1>A page with YAML frontmatter</h1> | ||
|
||
<span data-cy="frontmatter">{props.pageContext.frontmatter?.title}</span> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
const page = { | ||
js: `/frontmatter-js`, | ||
javascript: `/frontmatter-javascript`, | ||
yaml: `/frontmatter-yaml`, | ||
json: `/frontmatter-json`, | ||
graphqlQuery: `/frontmatter-graphql-query`, | ||
} | ||
|
||
// Attribute selector for element we assert against in pages | ||
const selector = `[data-cy="frontmatter"]` | ||
|
||
// Strings used for frontmatter titles | ||
const titles = { | ||
notParsed: `I should not be parsed`, | ||
parsed: `I am parsed`, | ||
} | ||
|
||
// Frontmatter that should not be rendered | ||
const otherKey = `Some other key` | ||
|
||
describe(`webpack loader`, () => { | ||
describe(`---yaml frontmatter`, () => { | ||
beforeEach(() => { | ||
cy.visit(page.yaml).waitForRouteChange() | ||
}) | ||
|
||
it(`should parse`, () => { | ||
cy.get(selector).invoke(`text`).should(`eq`, titles.parsed) | ||
}) | ||
|
||
it(`should not leak into the page`, () => { | ||
cy.contains(otherKey).should(`not.exist`) | ||
}) | ||
}) | ||
|
||
describe(`---json frontmatter`, () => { | ||
beforeEach(() => { | ||
cy.visit(page.json).waitForRouteChange() | ||
}) | ||
|
||
it(`should parse`, () => { | ||
cy.get(selector).invoke(`text`).should(`eq`, titles.parsed) | ||
}) | ||
|
||
it(`should not leak into the page`, () => { | ||
cy.contains(otherKey).should(`not.exist`) | ||
}) | ||
}) | ||
|
||
describe(`---js frontmatter`, () => { | ||
beforeEach(() => { | ||
cy.visit(page.js).waitForRouteChange() | ||
}) | ||
|
||
it(`should parse`, () => { | ||
cy.get(selector).invoke(`text`).should(`eq`, `disabled`) | ||
}) | ||
|
||
it(`should not leak into the page`, () => { | ||
cy.contains(otherKey).should(`not.exist`) | ||
}) | ||
}) | ||
|
||
describe(`---javascript frontmatter`, () => { | ||
beforeEach(() => { | ||
cy.visit(page.javascript).waitForRouteChange() | ||
}) | ||
|
||
it(`should parse`, () => { | ||
cy.get(selector).invoke(`text`).should(`eq`, `disabled`) | ||
}) | ||
|
||
it(`should not leak into the page`, () => { | ||
cy.contains(otherKey).should(`not.exist`) | ||
}) | ||
}) | ||
}) | ||
|
||
describe(`data layer`, () => { | ||
it(`---js or ---javascript frontmatter should not parse by default`, () => { | ||
cy.visit(page.graphqlQuery).waitForRouteChange() | ||
cy.contains(titles.notParsed).should(`not.exist`) | ||
}) | ||
}) | ||
|
||
it(`---js and ---javascript frontmatter should not allow remote code execution`, () => { | ||
cy.readFile(`cypress/fixtures/file-to-attempt-rce-on.txt`).should( | ||
`eq`, | ||
`Nothing here, do not remove` | ||
) | ||
}) |
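Review bot: The two `should parse` tests under `---js frontmatter` and `---javascript frontmatter` assert the literal `disabled`, which reads as a check that the frontmatter was not evaluated, the opposite of what the title says. Renaming them to ``it(`should not be evaluated`, ...)`` and adding a one-line comment such as `// js/javascript engines are off: the page shows the placeholder, not evaluated frontmatter` would make the security intent visible in the test report. Where the `disabled` string comes from is not shown in this section, so the comment wording should be checked against the fixture. The first listing of this spec earlier on the page has the same titles.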
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
import React from "react" | ||
import { graphql } from "gatsby" | ||
|
||
export default function PageRunningGraphqlResolversOnJSFrontmatterTestInputs({ | ||
data, | ||
}) { | ||
return <pre>{JSON.stringify(data.allMdx.nodes, null, 2)}</pre> | ||
} | ||
|
||
export const query = graphql` | ||
{ | ||
allMdx(filter: { slug: { glob: "frontmatter-engine/*" } }) { | ||
nodes { | ||
frontmatter { | ||
title | ||
} | ||
body | ||
excerpt | ||
tableOfContents | ||
timeToRead | ||
wordCount { | ||
paragraphs | ||
sentences | ||
words | ||
} | ||
mdxAST | ||
} | ||
} | ||
} | ||
` |
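Review bot: The `glob: "frontmatter-engine/*"` filter is the only link between this page and the fixtures, and the component renders whatever the query returns, including an empty list. The data-layer spec that (presumably) visits this page asserts only that `I should not be parsed` is absent, so a glob that matches no slug renders `[]` and the test stays green without exercising the resolvers. A positive control in the spec closes that gap, for example ``cy.get(`pre`).invoke(`text`).should(`not.eq`, `[]`)`` ahead of the absence assertion. The fixture directory is not visible in this section, so whether the glob currently matches cannot be confirmed from here.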
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
---json | ||
{ "title": "I am parsed", "otherKey": "Some other key" } | ||
|
||
--- | ||
|
||
<h1>A page with JSON frontmatter</h1> | ||
|
||
<span data-cy="frontmatter">{props.pageContext.frontmatter?.title}</span> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
---yaml | ||
title: I am parsed | ||
otherKey: Some other key | ||
|
||
--- | ||
|
||
<h1>A page with YAML frontmatter</h1> | ||
|
||
<span data-cy="frontmatter">{props.pageContext.frontmatter?.title}</span> |