feat: configure escaping on handlebars templates (#6678)

Co-authored-by: Amr Bashir <amr.bashir2015@gmail.com>

Author: lucasfernog

.changes/handlebars-escape.md

@@ -0,0 +1,7 @@
+---
+"tauri-bundler": patch
+"cli.rs": patch
+"cli.js": patch
+---
+
+Use escaping on Handlebars templates.

tooling/bundler/src/bundle/linux/appimage.rs

@@ -81,6 +81,7 @@ pub fn bundle_project(settings: &Settings) -> crate::Result<Vec<PathBuf>> {
 
   // initialize shell script template.
   let mut handlebars = Handlebars::new();
+  handlebars.register_escape_fn(|s| s.into());
   handlebars
     .register_template_string("appimage", include_str!("templates/appimage"))
     .expect("Failed to register template for handlebars");

tooling/bundler/src/bundle/windows/msi/wix.rs

@@ -692,6 +692,7 @@ pub fn build_wix_app_installer(
 
     // Create the Powershell script to install the task
     let mut skip_uac_task_installer = Handlebars::new();
+    skip_uac_task_installer.register_escape_fn(|s| s.into());
     let xml = include_str!("../templates/install-task.ps1");
     skip_uac_task_installer
       .register_template_string("install-task.ps1", xml)
@@ -703,6 +704,7 @@ pub fn build_wix_app_installer(
 
     // Create the Powershell script to uninstall the task
     let mut skip_uac_task_uninstaller = Handlebars::new();
+    skip_uac_task_uninstaller.register_escape_fn(|s| s.into());
     let xml = include_str!("../templates/uninstall-task.ps1");
     skip_uac_task_uninstaller
       .register_template_string("uninstall-task.ps1", xml)

tooling/bundler/src/bundle/windows/nsis.rs

@@ -344,6 +344,21 @@ fn build_nsis_app_installer(
   }
 
   let mut handlebars = Handlebars::new();
+  handlebars.register_escape_fn(|s| {
+    let mut output = String::new();
+    for c in s.chars() {
+      match c {
+        '\"' => output.push_str("$\\\""),
+        '$' => output.push_str("$$"),
+        '`' => output.push_str("$\\`"),
+        '\n' => output.push_str("$\\n"),
+        '\t' => output.push_str("$\\t"),
+        '\r' => output.push_str("$\\r"),
+        _ => output.push(c),
+      }
+    }
+    output
+  });
   handlebars
     .register_template_string("installer.nsi", include_str!("./templates/installer.nsi"))
     .map_err(|e| e.to_string())

tooling/bundler/src/bundle/windows/templates/install-task.ps1

@@ -25,4 +25,4 @@ if ($ChangeDir -ne "") {
     # Change directories to the install path
     Set-Location -Path $ChangeDir
 }
-SCHTASKS.EXE /CREATE /XML update.xml /TN "Update {{{product_name}}} - Skip UAC" /F
+SCHTASKS.EXE /CREATE /XML update.xml /TN "Update {{product_name}} - Skip UAC" /F

tooling/bundler/src/bundle/windows/templates/installer.nsi

@@ -6,26 +6,26 @@ Var ReinstallPageCheck
 !include x64.nsh
 !include WordFunc.nsh
 
-!define MANUFACTURER "{{{manufacturer}}}"
-!define PRODUCTNAME "{{{product_name}}}"
-!define VERSION "{{{version}}}"
-!define INSTALLMODE "{{{install_mode}}}"
-!define LICENSE "{{{license}}}"
-!define INSTALLERICON "{{{installer_icon}}}"
-!define SIDEBARIMAGE "{{{sidebar_image}}}"
-!define HEADERIMAGE "{{{header_image}}}"
-!define MAINBINARYNAME "{{{main_binary_name}}}"
-!define MAINBINARYSRCPATH "{{{main_binary_path}}}"
-!define BUNDLEID "{{{bundle_id}}}"
-!define OUTFILE "{{{out_file}}}"
-!define ARCH "{{{arch}}}"
-!define PLUGINSPATH "{{{additional_plugins_path}}}"
-!define ALLOWDOWNGRADES "{{{allow_downgrades}}}"
-!define DISPLAYLANGUAGESELECTOR "{{{display_language_selector}}}"
-!define INSTALLWEBVIEW2MODE "{{{install_webview2_mode}}}"
-!define WEBVIEW2INSTALLERARGS "{{{webview2_installer_args}}}"
-!define WEBVIEW2BOOTSTRAPPERPATH "{{{webview2_bootstrapper_path}}}"
-!define WEBVIEW2INSTALLERPATH "{{{webview2_installer_path}}}"
+!define MANUFACTURER "{{manufacturer}}"
+!define PRODUCTNAME "{{product_name}}"
+!define VERSION "{{version}}"
+!define INSTALLMODE "{{install_mode}}"
+!define LICENSE "{{license}}"
+!define INSTALLERICON "{{installer_icon}}"
+!define SIDEBARIMAGE "{{sidebar_image}}"
+!define HEADERIMAGE "{{header_image}}"
+!define MAINBINARYNAME "{{main_binary_name}}"
+!define MAINBINARYSRCPATH "{{main_binary_path}}"
+!define BUNDLEID "{{bundle_id}}"
+!define OUTFILE "{{out_file}}"
+!define ARCH "{{arch}}"
+!define PLUGINSPATH "{{additional_plugins_path}}"
+!define ALLOWDOWNGRADES "{{allow_downgrades}}"
+!define DISPLAYLANGUAGESELECTOR "{{display_language_selector}}"
+!define INSTALLWEBVIEW2MODE "{{install_webview2_mode}}"
+!define WEBVIEW2INSTALLERARGS "{{webview2_installer_args}}"
+!define WEBVIEW2BOOTSTRAPPERPATH "{{webview2_bootstrapper_path}}"
+!define WEBVIEW2INSTALLERPATH "{{webview2_installer_path}}"
 !define UNINSTKEY "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCTNAME}"
 !define MANUPRODUCTKEY "Software\${MANUFACTURER}\${PRODUCTNAME}"
 

tooling/bundler/src/bundle/windows/templates/main.wxs

@@ -11,11 +11,11 @@
 <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
     <Product
             Id="*"
-            Name="{{{product_name}}}"
-            UpgradeCode="{{{upgrade_code}}}"
+            Name="{{product_name}}"
+            UpgradeCode="{{upgrade_code}}"
             Language="!(loc.TauriLanguage)"
-            Manufacturer="{{{manufacturer}}}"
-            Version="{{{version}}}">
+            Manufacturer="{{manufacturer}}"
+            Version="{{version}}">
 
         <Package Id="*"
                  Keywords="Installer"
@@ -42,23 +42,23 @@
         <Media Id="1" Cabinet="app.cab" EmbedCab="yes" />
 
         {{#if banner_path}}
-        <WixVariable Id="WixUIBannerBmp" Value="{{{banner_path}}}" />
+        <WixVariable Id="WixUIBannerBmp" Value="{{banner_path}}" />
         {{/if}}
         {{#if dialog_image_path}}
-        <WixVariable Id="WixUIDialogBmp" Value="{{{dialog_image_path}}}" />
+        <WixVariable Id="WixUIDialogBmp" Value="{{dialog_image_path}}" />
         {{/if}}
         {{#if license}}
-        <WixVariable Id="WixUILicenseRtf" Value="{{{license}}}" />
+        <WixVariable Id="WixUILicenseRtf" Value="{{license}}" />
         {{/if}}
 
-        <Icon Id="ProductIcon" SourceFile="{{{icon_path}}}"/>
+        <Icon Id="ProductIcon" SourceFile="{{icon_path}}"/>
         <Property Id="ARPPRODUCTICON" Value="ProductIcon" />
         <Property Id="ARPNOREPAIR" Value="yes" Secure="yes" />      <!-- Remove repair -->
         <SetProperty Id="ARPNOMODIFY" Value="1" After="InstallValidate" Sequence="execute"/>
 
         <!-- initialize with previous InstallDir -->
         <Property Id="INSTALLDIR">
-            <RegistrySearch Id="PrevInstallDirReg" Root="HKCU" Key="Software\\{{{manufacturer}}}\\{{{product_name}}}" Name="InstallDir" Type="raw"/>
+            <RegistrySearch Id="PrevInstallDirReg" Root="HKCU" Key="Software\\{{manufacturer}}\\{{product_name}}" Name="InstallDir" Type="raw"/>
         </Property>
 
         <!-- launch app checkbox -->
@@ -93,27 +93,27 @@
         <Directory Id="TARGETDIR" Name="SourceDir">
             <Directory Id="DesktopFolder" Name="Desktop">
                 <Component Id="ApplicationShortcutDesktop" Guid="*">
-                    <Shortcut Id="ApplicationDesktopShortcut" Name="{{{product_name}}}" Description="Runs {{{product_name}}}" Target="[!Path]" WorkingDirectory="INSTALLDIR" />
+                    <Shortcut Id="ApplicationDesktopShortcut" Name="{{product_name}}" Description="Runs {{product_name}}" Target="[!Path]" WorkingDirectory="INSTALLDIR" />
                     <RemoveFolder Id="DesktopFolder" On="uninstall" />
-                    <RegistryValue Root="HKCU" Key="Software\\{{{manufacturer}}}\\{{{product_name}}}" Name="Desktop Shortcut" Type="integer" Value="1" KeyPath="yes" />
+                    <RegistryValue Root="HKCU" Key="Software\\{{manufacturer}}\\{{product_name}}" Name="Desktop Shortcut" Type="integer" Value="1" KeyPath="yes" />
                 </Component>
             </Directory>
             <Directory Id="$(var.PlatformProgramFilesFolder)" Name="PFiles">
-                <Directory Id="INSTALLDIR" Name="{{{product_name}}}"/>
+                <Directory Id="INSTALLDIR" Name="{{product_name}}"/>
             </Directory>
             <Directory Id="ProgramMenuFolder">
-                <Directory Id="ApplicationProgramsFolder" Name="{{{product_name}}}"/>
+                <Directory Id="ApplicationProgramsFolder" Name="{{product_name}}"/>
             </Directory>
         </Directory>
 
         <DirectoryRef Id="INSTALLDIR">
             <Component Id="RegistryEntries" Guid="*">
-                <RegistryKey Root="HKCU" Key="Software\\{{{manufacturer}}}\\{{{product_name}}}">
+                <RegistryKey Root="HKCU" Key="Software\\{{manufacturer}}\\{{product_name}}">
                     <RegistryValue Name="InstallDir" Type="string" Value="[INSTALLDIR]" KeyPath="yes" />
                 </RegistryKey>
             </Component>
-            <Component Id="Path" Guid="{{{path_component_guid}}}" Win64="$(var.Win64)">
-                <File Id="Path" Source="{{{app_exe_source}}}" KeyPath="yes" Checksum="yes"/>
+            <Component Id="Path" Guid="{{path_component_guid}}" Win64="$(var.Win64)">
+                <File Id="Path" Source="{{app_exe_source}}" KeyPath="yes" Checksum="yes"/>
             </Component>
             {{#each binaries as |bin| ~}}
             <Component Id="{{ bin.id }}" Guid="{{bin.guid}}" Win64="$(var.Win64)">
@@ -131,20 +131,20 @@
                 <File Id="UpdateTaskUninstaller" Source="uninstall-task.ps1" KeyPath="yes" Checksum="yes"/>
             </Component>
             {{/if}}
-            {{{resources}}}
+            {{resources}}
             <Component Id="CMP_UninstallShortcut" Guid="*">
 
                 <Shortcut Id="UninstallShortcut"
-						  Name="Uninstall {{{product_name}}}"
-						  Description="Uninstalls {{{product_name}}}"
+						  Name="Uninstall {{product_name}}"
+						  Description="Uninstalls {{product_name}}"
 						  Target="[System64Folder]msiexec.exe"
 						  Arguments="/x [ProductCode]" />
 
 				<RemoveFolder Id="INSTALLDIR"
 							  On="uninstall" />
 
 				<RegistryValue Root="HKCU"
-							   Key="Software\\{{{manufacturer}}}\\{{{product_name}}}"
+							   Key="Software\\{{manufacturer}}\\{{product_name}}"
 							   Name="Uninstaller Shortcut"
 							   Type="integer"
 							   Value="1"
@@ -155,15 +155,15 @@
         <DirectoryRef Id="ApplicationProgramsFolder">
             <Component Id="ApplicationShortcut" Guid="*">
                 <Shortcut Id="ApplicationStartMenuShortcut"
-                    Name="{{{product_name}}}"
-                    Description="Runs {{{product_name}}}"
+                    Name="{{product_name}}"
+                    Description="Runs {{product_name}}"
                     Target="[!Path]"
                     Icon="ProductIcon"
                     WorkingDirectory="INSTALLDIR">
-                    <ShortcutProperty Key="System.AppUserModel.ID" Value="{{{bundle_id}}}"/>
+                    <ShortcutProperty Key="System.AppUserModel.ID" Value="{{bundle_id}}"/>
                 </Shortcut>
                 <RemoveFolder Id="ApplicationProgramsFolder" On="uninstall"/>
-                <RegistryValue Root="HKCU" Key="Software\\{{{manufacturer}}}\\{{{product_name}}}" Name="Start Menu Shortcut" Type="integer" Value="1" KeyPath="yes"/>
+                <RegistryValue Root="HKCU" Key="Software\\{{manufacturer}}\\{{product_name}}" Name="Start Menu Shortcut" Type="integer" Value="1" KeyPath="yes"/>
            </Component>
         </DirectoryRef>
 
@@ -247,7 +247,7 @@
         </Property>
 
         {{#if download_bootstrapper}}
-        <CustomAction Id='DownloadAndInvokeBootstrapper' Directory="INSTALLDIR" Execute="deferred" ExeCommand='powershell.exe -NoProfile -windowstyle hidden try [\{] [\[]Net.ServicePointManager[\]]::SecurityProtocol = [\[]Net.SecurityProtocolType[\]]::Tls12 [\}] catch [\{][\}]; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ({{{webview_installer_args}}} &apos;/install&apos;) -Wait' Return='check'/>
+        <CustomAction Id='DownloadAndInvokeBootstrapper' Directory="INSTALLDIR" Execute="deferred" ExeCommand='powershell.exe -NoProfile -windowstyle hidden try [\{] [\[]Net.ServicePointManager[\]]::SecurityProtocol = [\[]Net.SecurityProtocolType[\]]::Tls12 [\}] catch [\{][\}]; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ({{webview_installer_args}} &apos;/install&apos;) -Wait' Return='check'/>
         <InstallExecuteSequence>
             <Custom Action='DownloadAndInvokeBootstrapper' Before='InstallFinalize'>
                 <![CDATA[NOT(REMOVE OR WVRTINSTALLED)]]>
@@ -257,8 +257,8 @@
 
         <!-- Embedded webview bootstrapper mode -->
         {{#if webview2_bootstrapper_path}}
-        <Binary Id="MicrosoftEdgeWebview2Setup.exe" SourceFile="{{{webview2_bootstrapper_path}}}"/>
-        <CustomAction Id='InvokeBootstrapper' BinaryKey='MicrosoftEdgeWebview2Setup.exe' Execute="deferred" ExeCommand='{{{webview_installer_args}}} /install' Return='check' />
+        <Binary Id="MicrosoftEdgeWebview2Setup.exe" SourceFile="{{webview2_bootstrapper_path}}"/>
+        <CustomAction Id='InvokeBootstrapper' BinaryKey='MicrosoftEdgeWebview2Setup.exe' Execute="deferred" ExeCommand='{{webview_installer_args}} /install' Return='check' />
         <InstallExecuteSequence>
             <Custom Action='InvokeBootstrapper' Before='InstallFinalize'>
                 <![CDATA[NOT(REMOVE OR WVRTINSTALLED)]]>
@@ -268,8 +268,8 @@
 
         <!-- Embedded offline installer -->
         {{#if webview2_installer_path}}
-        <Binary Id="MicrosoftEdgeWebView2RuntimeInstaller.exe" SourceFile="{{{webview2_installer_path}}}"/>
-        <CustomAction Id='InvokeStandalone' BinaryKey='MicrosoftEdgeWebView2RuntimeInstaller.exe' Execute="deferred" ExeCommand='{{{webview_installer_args}}} /install' Return='check' />
+        <Binary Id="MicrosoftEdgeWebView2RuntimeInstaller.exe" SourceFile="{{webview2_installer_path}}"/>
+        <CustomAction Id='InvokeStandalone' BinaryKey='MicrosoftEdgeWebView2RuntimeInstaller.exe' Execute="deferred" ExeCommand='{{webview_installer_args}} /install' Return='check' />
         <InstallExecuteSequence>
             <Custom Action='InvokeStandalone' Before='InstallFinalize'>
                 <![CDATA[NOT(REMOVE OR WVRTINSTALLED)]]>

tooling/bundler/src/bundle/windows/templates/uninstall-task.ps1

@@ -20,4 +20,4 @@ if ((Test-Admin) -eq $false) {
     exit
 }
 
-SCHTASKS.EXE /DELETE /TN 'Update {{{product_name}}} - Skip UAC' /F
+SCHTASKS.EXE /DELETE /TN 'Update {{product_name}} - Skip UAC' /F

tooling/bundler/src/bundle/windows/templates/update-task.xml

@@ -6,7 +6,7 @@
 -->
 <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
   <RegistrationInfo>
-    <URI>\Update {{{product_name}}} - Skip UAC</URI>
+    <URI>\Update {{product_name}} - Skip UAC</URI>
   </RegistrationInfo>
   <Triggers />
   <Principals>
@@ -37,7 +37,7 @@
   <Actions Context="Author">
     <Exec>
       <Command>cmd.exe</Command>
-      <Arguments>/c "%SYSTEMROOT%\System32\msiexec.exe /i %TEMP%\\{{{product_name}}}.msi {{{msiexec_args}}} /promptrestart"</Arguments>
+      <Arguments>/c "%SYSTEMROOT%\System32\msiexec.exe /i %TEMP%\\{{product_name}}.msi {{msiexec_args}} /promptrestart"</Arguments>
     </Exec>
   </Actions>
 </Task>