add ALLOW_JSONPATH_EVAL option to .env

This commit is contained in:
Andrew Cantino 2014-04-18 00:25:31 -07:00
parent c39d4cc975
commit 13038ce841
2 changed files with 10 additions and 2 deletions

View file

@ -78,6 +78,14 @@ AWS_ACCESS_KEY="your aws access key"
# Set AWS_SANDBOX to true if you're developing Huginn code.
AWS_SANDBOX=false
########################
# Various Settings #
########################
# Allow JSONPath eval expresions. i.e., $..price[?(@ < 20)]
# You should not allow this on a shared Huginn box because it is not secure.
ALLOW_JSONPATH_EVAL=false
# Use Graphviz for generating diagrams instead of using Google Chart
# Tools. Specify a dot(1) command path built with SVG support
# enabled.

View file

@ -56,7 +56,7 @@ module Utils
escape = false
end
result = JsonPath.new(path, :allow_eval => false).on(data.is_a?(String) ? data : data.to_json)
result = JsonPath.new(path, :allow_eval => ENV['ALLOW_JSONPATH_EVAL'] == "true").on(data.is_a?(String) ? data : data.to_json)
if escape
result.map {|r| CGI::escape r }
else
@ -79,4 +79,4 @@ module Utils
def self.pretty_jsonify(thing)
JSON.pretty_generate(thing).gsub('</', '<\/')
end
end
end