From 3a03592293981032315d4045ab950e6d083912fb Mon Sep 17 00:00:00 2001
From: Sayo <82053242+wtfsayo@users.noreply.github.com>
Date: Mon, 6 Jan 2025 19:12:49 +0530
Subject: [PATCH] add santisation for handlebar template

---
 packages/core/src/context.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/packages/core/src/context.ts b/packages/core/src/context.ts
index a682e6794c..1c106bc23f 100644
--- a/packages/core/src/context.ts
+++ b/packages/core/src/context.ts
@@ -35,6 +35,12 @@ export const composeContext = ({
 template: string;
 templatingEngine?: "handlebars";
 }) => {
+
+ // Sanitize the template by only allowing specific patterns
+ if (!/^[^{]*{{[\s\w]+}}[^}]*$/.test(template)) {
+ throw new Error("Invalid template format. Only simple variable substitutions are allowed.");
+ }
+
 if (templatingEngine === "handlebars") {
 const templateFunction = handlebars.compile(template);
 return templateFunction(state);
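Review bot: The regex on the added `if` admits exactly one `{{…}}` and no other brace character anywhere, so any template with two variables (or a literal `{`/`}`) now throws before either engine runs, and because the check sits above the `templatingEngine` test it also gates the non-handlebars path; composeContext's signature and its remaining branch are outside this hunk. Conversely, `[\s\w]+` accepts `{{foo bar}}`, which Handlebars parses as a helper invocation rather than a plain variable, so the allow-list is both too strict for legitimate templates and looser than its error message claims. I would move the check under the `templatingEngine === "handlebars"` branch, since that is the only place untrusted template syntax reaches `handlebars.compile`, and allow repeated single-identifier mustaches: `if (!/^(?:[^{}]*\{\{\s*\w+\s*\}\})*[^{}]*$/.test(template)) {` (escaping the braces also keeps the pattern valid if a `u` flag is ever added). The comment above it should state the threat rather than "specific patterns": `// Reject helpers, blocks and triple-stash: only {{identifier}} substitutions may reach handlebars.compile`.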