summaryrefslogtreecommitdiffstats
path: root/lib/handlebars/utils.js
Commit message (Collapse)AuthorAgeFilesLines
* Update to latest eslintkpdecker2015-09-011-2/+2
|
* Escape = in HTML contentkpdecker2015-09-011-3/+4
| | | | | There was a potential XSS exploit when using unquoted attributes that this should help reduce. Fixes #1083
* Increase code coveragekpdecker2015-08-011-4/+4
|
* Move helpers into separate moduleskpdecker2015-08-011-0/+6
|
* Remove jshint completelykpdecker2015-04-271-1/+0
|
* Update for let and optional parameterskpdecker2015-04-201-10/+10
|
* Add full support for es6kpdecker2015-04-161-6/+8
| | | | | | | | Converts the tool chain to use babel, eslint, and webpack vs. the previous proprietary solutions. Additionally begins enforcing additional linting concerns as well as updates the code to reflect these rules. Fixes #855 Fixes #993
* Optimize hot path in escapeExpressionkpdecker2015-03-161-13/+15
| | | | | Avoid deoptimizations in v8 due to the duct type check on string instances. Partial fix for #973
* Fix block param evaluation under older IEkpdecker2014-12-271-0/+10
|
* Implement block parameterskpdecker2014-12-261-0/+5
| | | Fixes #907
* Remove unused vars and add jshint checkingkpdecker2014-12-161-2/+0
|
* Use toHTML vs. instanceof checks for SafeStringkpdecker2014-11-081-2/+2
| | | | | | Allows for us to play nicely in environments such as Node that could have multiple versions of the library loaded. Also allows for implementors to provide their own behavior, provided they know what they are doing. Fixes #886
* Render false literal as “false”kpdecker2014-08-251-1/+3
| | | Fixes #827
* Increase test coverage a touchkpdecker2014-08-141-1/+3
|
* Add contextPath tracking in builtin helperskpdecker2014-01-171-0/+4
|
* Improve usefulness of extend util, properly use namespace property, update ↵Blake Embrey2014-01-161-4/+8
| | | | setup options to use a hash helper.
* Run jshint on outputkpdecker2013-12-011-0/+1
| | | Allows us to execute jshint in non-forced mode.
* Allow extend to work with non-prototyped objectskpdecker2013-12-011-1/+1
| | | ES6 modules do not extend the Object prototype so this blows up under the latest version of the transpiler.
* Unify isArray/isFunction/toString implementationskpdecker2013-11-051-2/+20
| | | | | Restores Array.isArray polyfill for all use cases. Fixes #645
* Cleanup unused var warningskpdecker2013-10-091-2/+1
|
* Break safe string out into standalone modulekpdecker2013-10-011-11/+4
|
* Break exception class out into a standalone modulekpdecker2013-10-011-13/+0
|
* Merge branch 'master' into es6-moduleskpdecker2013-09-021-3/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: Gruntfile.js Rakefile dist/handlebars.js dist/handlebars.runtime.js lib/handlebars.js lib/handlebars/base.js lib/handlebars/runtime.js lib/handlebars/utils.js package.json
| * Simplify falsy handlingkpdecker2013-08-241-1/+1
| |
| * Unify isFunction/isArray handlingkpdecker2013-08-241-2/+3
| |
| * jshintkpdecker2013-08-241-0/+2
| |
* | Merge commit '87b5d4ee61605b026506e92c9e8873d867c5f150' into es6-moduleskpdecker2013-09-021-2/+2
|\ \ | |/ | | | | | | | | | | | | Conflicts: dist/handlebars.js dist/handlebars.runtime.js lib/handlebars/base.js lib/handlebars/utils.js
| * Use the ('' + string) form of string coercionParker Selbert2013-08-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Using string.toString() will throw errors in current versions of Safari (6.0.5 currently) for some values. The error is a particularly cryptic "Type Error: type error", which no indication as to the value that caused the error. By using the '' + string form of coercion the error doesn't seem to occur. Depending on the browser used there is a sizable performance increase in using the concatenation form of coercion. In instances where there is not a performance improvement (i.e. Firefox), the speed difference is entirely negligable. See: http://jsperf.com/convert-to-string-bj/3
* | Initial work on ES6 modulesYehuda Katz2013-07-011-46/+37
|/
* added local pointer to handlerbars.utils to allow this to browserify ↵Tommy Messbauer2013-05-091-0/+2
| | | | properly for IE
* Allow multiple partial and helper registrationkpdecker2013-04-071-0/+8
| | | | | | Fixes #369
* Force toString in escapeExpressionkpdecker2013-04-061-0/+5
| | | Fixes #211
* Remove unnecessary child scopeskpdecker2013-02-161-35/+33
|
* mergeTommy Messbauer2013-02-111-5/+1
|\
| * Simplify isEmptykpdecker2013-01-131-5/+1
| |
* | Merged upstream master and ran unit testsTommy Messbauer2012-11-261-5/+7
|\ \ | |/
| * Fix handling of Errors in ChromePeter Wagenet2012-11-021-4/+6
| |
| * properly handle amperstands when HTML escapingBrian Palmer2012-02-291-1/+2
| | | | | | | | | | | | | | | | | | | | escapeExpression, when given a string like "&gt;", was simply returning "&gt;", not escaping the amperstand. This is incorrect, and makes it impossible to have Handlebars properly escape a string like "Escaped, <b> looks like: &lt;b&gt;" If the intention of the user is to not escape these characters, then {{{}}} or {{&}} should be used
* | Factory update with tabs to spaces.. sorry :(Tommy Messbauer2012-11-261-56/+56
| |
* | Commiting initial factory codeTommy Messbauer2012-08-291-55/+59
|/
* Fixed whitespace and semi-colonsPeter Wagenet2012-02-081-1/+1
|
* Handlebars errors should copy the message overYehuda Katz2011-12-271-0/+2
|
* Fix module loading within nodekpdecker2011-07-301-1/+1
|
* * Remove legacy support for inverse sections as additional parameters.tomhuda2011-07-071-1/+6
| | | | * Unify inverse and normal block helpers * Make Handlebars.Exception inherit from JS Error
* Updated the boolean functions to work with YUI compressor. Linted other ↵gleitz2011-06-221-1/+1
| | | | files for consistency
* Remove / from the list of escaped chars and add `.Ryan Grove2011-05-091-3/+3
| | | | | | | | It's probably fine not to escape /, since its only danger is in ending entities (like &amp/). This isn't a problem for us, since the badChars regex won't allow it and the & will get escaped. It turns out ` can be used to quote attribute values in IE, so it needs to be escaped along with " and '.
* Add ", ', and / to the list of chars that need HTML escaping.Ryan Grove2011-04-251-3/+6
| | | | | | | | | | | | | Previously, only < and > were escaped. This meant that any Handlebars template that used user input in an HTML attribute value was wide open to a trivial XSS exploit. Note that unquoted attribute values are still open to attack, but this set of characters at least brings Handlebars in line with other Mustache implementations and other template languages. See the OWASP XSS prevention cheat sheet (rule #1) for the rationale behind escaping these characters: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
* IE 7 hates trailing commasDavid Stone2011-01-251-1/+1
|
* Restructure things more simplywycats2010-12-291-4/+1
|
* escapeExpressions should return "" for falsy valueswycats2010-12-211-2/+2
|
* Everything is working now on the new VM except for partials and inverse sectionswycats2010-12-151-38/+38
|
* lintingwycats2010-12-041-8/+4
|
* Fix up the compilation processwycats2010-12-041-8/+6
|
* A few more lingering bugs:wycats2010-12-031-0/+13
| | | | | | | * add helperMissing.not to the specs * add Handlebars.Utils.isEmpty * add runtime handling for inverse sections * fix __get__ to pass an IdNode to evaluate * handle case in wrapProgram where context is undefined
* Fix a number of outstanding issues:wycats2010-12-021-0/+54
* {{}} escape their contents, {{{}}} and {{& }} do not * Add support in the parser, tokenizer and AST for partials with context (support is still not there in the runtime) * Fix some inconsistencies with the old behavior involving the correct printing of null and undefined * Add Handlebars.Exception * Fixed an issue involving ./foo and this/foo * Fleshed out helperMissing in the specs (this will be moved out into handlebars proper once registerHelper and registerPartial are added)
generated by cgit v1.1 at 2025-05-10 22:39:38 +0000