From 32acfe8f197dc44c54e8af32c7d7b19aa9d350fb Mon Sep 17 00:00:00 2001
From: Forbes Lindesay
Date: Fri, 24 May 2024 18:31:53 +0100
Subject: [PATCH] fix: ensure template names are valid identifiers (#3438)
---
 packages/pug-code-gen/index.js | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/packages/pug-code-gen/index.js b/packages/pug-code-gen/index.js
index de5c70a72..3e6bf3b27 100644
--- a/packages/pug-code-gen/index.js
+++ b/packages/pug-code-gen/index.js
@@ -39,6 +39,10 @@ function toConstant(src) {
 return constantinople.toConstant(src, {pug: runtime, pug_interp: undefined});
 }
 
+function isIdentifier(name) {
+ return /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(name);
+}
+
 /**
 * Initialize `Compiler` with the given `node`.
 *
@@ -62,6 +66,23 @@ function Compiler(node, options) {
 'The pretty parameter should either be a boolean or whitespace only string'
 );
 }
+ if (this.options.templateName && !isIdentifier(this.options.templateName)) {
+ throw new Error(
+ 'The templateName parameter must be a valid JavaScript identifier if specified.'
+ );
+ }
+ if (
+ this.doctype &&
+ (this.doctype.includes('<') || this.doctype.includes('>'))
+ ) {
+ throw new Error('Doctype can not contain "<" or ">"');
+ }
+ if (this.options.globals && !this.options.globals.every(isIdentifier)) {
+ throw new Error(
+ 'The globals option must be an array of valid JavaScript identifiers if specified.'
+ );
+ }
+
 this.debug = false !== options.compileDebug;
 this.indents = 0;
 this.parentIndents = 0;
@@ -167,6 +188,7 @@ Compiler.prototype = {
 ');' +
 '}';
 }
+
 return (
 buildRuntime(this.runtimeFunctionsUsed) +
 'function ' +
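Review bot: `isIdentifier` hands its argument straight to `RegExp.prototype.test`, which coerces non-strings, so `null`, `undefined` or a one-element array such as `['x']` are accepted as identifiers. The callers in the next hunk use this helper as the gate on option values that appear to end up in generated code, so a type check belongs in it: `return typeof name === 'string' && /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(name);`. The pattern also accepts reserved words such as `function`, which pass the check but are not usable as identifiers. A one-line comment above the helper, e.g. `// Gate for option values that are interpolated into generated template source; keep it strict.`, would record why it must not be loosened.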
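Review bot: The doctype guard reads `this.doctype`, but nothing visible in this hunk assigns that field before the check runs, so if it is only set later in the constructor or while a doctype node is compiled, the guard never sees the value. Testing the option itself here (`this.options.doctype`, if that is where the value arrives) or moving the test to the place the doctype is assigned would close that gap. The globals guard calls `.every` directly, so a non-array value fails with a TypeError instead of the intended message; `if (this.options.globals && !(Array.isArray(this.options.globals) && this.options.globals.every(isIdentifier)))` keeps the documented error. The `Compiler` constructor begins and ends outside this hunk.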