Cherry pick security fix (#274) to 2-6-stable

2026-01-06 18:25:41 +03:00 · 2014-01-10 11:22:28 -05:00
parent 442041206f
commit eb409ff237
3 changed files with 16 additions and 4 deletions
--- a/test/liquid/tags/if_else_tag_test.rb
+++ b/test/liquid/tags/if_else_tag_test.rb
@@ -157,4 +157,10 @@ class IfElseTagTest < Test::Unit::TestCase
    assert_template_result('yes',
                           %({% if 'gnomeslab-and-or-liquid' contains 'gnomeslab-and-or-liquid' %}yes{% endif %}))
  end
+
+  def test_operators_are_whitelisted
+    assert_raise(SyntaxError) do
+      assert_template_result('', %({% if 1 or throw or or 1 %}yes{% endif %}))
+    end
+  end
 end # IfElseTest