Guard against null value rendering (#842)

Author: sebastienros

Fluid.Tests/TemplateTests.cs

@@ -206,6 +206,47 @@ public async Task ShouldEvaluateStringValue()
             Assert.Equal("abc", result);
         }
 
+        [Fact]
+        public async Task ShouldRenderNullValueFromContext()
+        {
+            _parser.TryParse("{{ x }}", out var template, out var error);
+            var context = new TemplateContext();
+            context.SetValue("x", (object)null);
+
+            var result = await template.RenderAsync(context);
+            Assert.Equal(string.Empty, result);
+        }
+
+        [Fact]
+        public async Task ShouldRenderNullValueFromProperty()
+        {
+            _parser.TryParse("{{ c.Value }}", out var template, out var error);
+
+            var options = new TemplateOptions();
+            options.MemberAccessStrategy.Register<NullStringContainer>();
+
+            var context = new TemplateContext(options);
+            context.SetValue("c", new NullStringContainer());
+
+            var result = await template.RenderAsync(context);
+            Assert.Equal(string.Empty, result);
+        }
+
+        [Fact]
+        public async Task ShouldRenderNullValueFromToString()
+        {
+            _parser.TryParse("{{ c }}", out var template, out var error);
+
+            var options = new TemplateOptions();
+            options.MemberAccessStrategy.Register<NullStringContainer>();
+
+            var context = new TemplateContext(options);
+            context.SetValue("c", new NullStringContainer());
+
+            var result = await template.RenderAsync(context);
+            Assert.Equal(string.Empty, result);
+        }
+
         [Fact]
         public async Task ShouldEvaluateNumberValue()
         {
@@ -401,6 +442,13 @@ public async Task FirstLastSizeShouldUseGetValue()
             Assert.Equal("123 456 789", result);
         }
 
+        private sealed class NullStringContainer
+        {
+            public string Value => null;
+
+            public override string ToString() => null;
+        }
+
         private class PersonValue : ObjectValueBase
         {
             public PersonValue(Person value) : base(value)
@@ -1309,5 +1357,7 @@ public async Task InlineCommentShouldWorkBetweenTags()
             Assert.Contains("Success", result);
             Assert.DoesNotContain("This is between if tags", result);
         }
+
+
     }
 }

Fluid/Filters/MiscFilters.cs

@@ -778,7 +778,7 @@ private static async ValueTask WriteJson(Utf8JsonWriter writer, FluidValue input
                     }
                     break;
                 case FluidValues.String:
-                    writer.WriteStringValue(JsonEncodedText.Encode(input.ToStringValue(), ctx.Options.JavaScriptEncoder));
+                    writer.WriteStringValue(JsonEncodedText.Encode(input.ToStringValue() ?? "", ctx.Options.JavaScriptEncoder));
                     break;
                 case FluidValues.Blank:
                 case FluidValues.Empty:

Fluid/Values/ObjectValueBase.cs

@@ -153,13 +153,29 @@ public override decimal ToNumberValue()
         public override void WriteTo(TextWriter writer, TextEncoder encoder, CultureInfo cultureInfo)
         {
             AssertWriteToParameters(writer, encoder, cultureInfo);
-            writer.Write(encoder.Encode(ToStringValue()));
+
+            var value = ToStringValue();
+            
+            if (string.IsNullOrEmpty(value))
+            {
+                return;
+            }
+
+            writer.Write(encoder.Encode(value));
         }
 
         public override ValueTask WriteToAsync(TextWriter writer, TextEncoder encoder, CultureInfo cultureInfo)
         {
             AssertWriteToParameters(writer, encoder, cultureInfo);
-            var task = writer.WriteAsync(encoder.Encode(ToStringValue()));
+
+            var value = ToStringValue();
+
+            if (string.IsNullOrEmpty(value))
+            {
+                return default;
+            }
+
+            var task = writer.WriteAsync(encoder.Encode(value));
 
             if (task.IsCompletedSuccessfully())
             {