v1.0.1; escape use of $ in string.replace (closes #11)

Author: gadicc

History.md

@@ -1,5 +1,15 @@
 # vNEXT
 
+# v1.0.1
+
+* Escape use of $ in string.replace in all internal functions (fixes #11)
+
+# v1.0.0
+
+* Re-release in Meteor 0.9.0 package system, with better semver
+* Note, package will be renamed to meteorhacks:inject-initial once MDG
+ finishes up with rename and redirect support.
+
 # v0.0.19
 
 * Critical work (fixes and tests) from arunoda. Thank you!

lib/inject-core.js

@@ -19,7 +19,6 @@ http.OutgoingMessage.prototype.write = function(chunk, encoding) {
  }
  }
 
-
  this.iInjected = true;
  }
 

lib/inject-server.js

@@ -1,3 +1,14 @@
+function escapeReplaceString(str) {
+ /*
+ * When using string.replace(str, newSubStr), the dollar sign ("$") is
+ * considered a special character in newSubStr, and needs to be escaped
+ * as "$$". We have to do this twice, for escaping the newSubStr in
+ * this function, and for the resulting string which is passed back.
+ * https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replace
+ */
+ return str.replace(/\$/g, '$$$$');
+}
+
 Inject = {
  // stores in a script type=application/ejson tag, accessed with Injected.obj('id')
  obj: function(id, data, res) {
@@ -74,7 +85,7 @@ Inject = {
  + "</script>\n";
  }
 
- return html.replace('<head>', '<head>\n' + injectHtml);
+ return html.replace('<head>', '<head>\n' + escapeReplaceString(injectHtml));
  },
 
  _injectMeta: function(html, res) {
@@ -89,7 +100,7 @@ Inject = {
  + "' content='" + meta.replace("'", '&apos;') + "'>\n", res;
  }
 
- return html.replace('<head>', '<head>\n' + injectHtml);
+ return html.replace('<head>', '<head>\n' + escapeReplaceString(injectHtml));
  },
 
  _injectHeads: function(html, res) {
@@ -103,7 +114,7 @@ Inject = {
  injectHtml += head + '\n';
  }
 
- return html.replace('<head>', '<head>\n' + injectHtml);
+ return html.replace('<head>', '<head>\n' + escapeReplaceString(injectHtml));
  },
 
  _injectBodies: function(html, res) {
@@ -117,7 +128,7 @@ Inject = {
  injectHtml += body + '\n';
  }
 
- return html.replace('<body>', '<body>\n' + injectHtml);
+ return html.replace('<body>', '<body>\n' + escapeReplaceString(injectHtml));
  },
 
  // ensure object exists and store there

package.js

@@ -1,8 +1,8 @@
 Package.describe({
  summary: "Allow injection of arbitrary data to initial Meteor HTML page",
- version: "1.0.0",
- git: "https://github.com/gadicc/meteor-inject-initial.git",
- name: "meteorhacks:inject-initial"
+ version: "1.0.1",
+ git: "https://github.com/meteorhacks/meteor-inject-initial.git",
+ name: "gadicohen:inject-initial"
 });
 
 Npm.depends({

test/inject-internal-api.js

@@ -4,20 +4,20 @@ Tinytest.add(
  function func() {};
  Inject.rawHeads = {
  "id1": "one",
- "id2": "two"
+ "id2": "two$$"
  };
 
  var res = {
  Inject: {
  rawHeads: {
  "id3": "three",
- "id4": "four"
+ "id4": "four$$"
  }
  }
  };
 
  var newHtml = Inject._injectHeads("<head></head>", res);
- test.equal(newHtml, "<head>\none\ntwo\nthree\nfour\n</head>")
+ test.equal(newHtml, "<head>\none\ntwo$$\nthree\nfour$$\n</head>")
  }
 );
 
@@ -27,19 +27,75 @@ Tinytest.add(
  function func() {};
  Inject.rawBodies = {
  "id1": "one",
- "id2": "two"
+ "id2": "two$$"
  };
 
  var res = {
  Inject: {
  rawBodies: {
  "id3": "three",
- "id4": "four"
+ "id4": "four$$"
  }
  }
  };
 
  var newHtml = Inject._injectBodies("<body></body>", res);
- test.equal(newHtml, "<body>\none\ntwo\nthree\nfour\n</body>")
+ test.equal(newHtml, "<body>\none\ntwo$$\nthree\nfour$$\n</body>")
+ }
+);
+
+Tinytest.add(
+ 'Inject Internal Apis - _injectObjects',
+ function (test) {
+ function func() {};
+ Inject.objList = {
+ "id1": { value: 1 },
+ "id2": { value: "two$$" }
+ };
+
+ var res = {
+ Inject: {
+ objList: {
+ "id3": { value: "three$$" },
+ "id4": { value: 4 }
+ }
+ }
+ };
+
+ var newHtml = Inject._injectObjects("<head></head>", res);
+ test.equal(newHtml, "<head>\n"
+ + " <script id='id1' type='application/ejson'>{\"value\":1}</script>\n"
+ + " <script id='id2' type='application/ejson'>{\"value\":\"two$$\"}</script>\n"
+ + " <script id='id3' type='application/ejson'>{\"value\":\"three$$\"}</script>\n"
+ + " <script id='id4' type='application/ejson'>{\"value\":4}</script>\n"
+ + "</head>");
+ }
+);
+
+Tinytest.add(
+ 'Inject Internal Apis - _injectMeta',
+ function (test) {
+ function func() {};
+ Inject.metaList = {
+ "id1": "1",
+ "id2": "two$$"
+ };
+
+ var res = {
+ Inject: {
+ metaList: {
+ "id3": "three",
+ "id4": "four$$"
+ }
+ }
+ };
+
+ var newHtml = Inject._injectMeta("<head></head>", res);
+ test.equal(newHtml, "<head>\n"
+ + " <meta id='id1' content='1'>\n"
+ + " <meta id='id2' content='two$$'>\n"
+ + " <meta id='id3' content='three'>\n"
+ + " <meta id='id4' content='four$$'>\n"
+ + "</head>");
  }
 );