add santisation for handlebar template

elizaOS · Jan 6, 2025 · 3a03592 · 3a03592
1 parent c9a71cd
commit 3a03592
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/packages/core/src/context.ts b/packages/core/src/context.ts
@@ -35,6 +35,12 @@ export const composeContext = ({
     template: string;
     templatingEngine?: "handlebars";
 }) => {
+
+    // Sanitize the template by only allowing specific patterns
+    if (!/^[^{]*{{[\s\w]+}}[^}]*$/.test(template)) {
+        throw new Error("Invalid template format. Only simple variable substitutions are allowed.");
+    }
+
     if (templatingEngine === "handlebars") {
         const templateFunction = handlebars.compile(template);
         return templateFunction(state);