handlebars.runtime.js in handlebars-source-3.0.7 vs handlebars.runtime.js in handlebars-source-3.0.8
- old
+ new
@@ -1,8 +1,8 @@
/*!
- handlebars v3.0.7
+ handlebars v3.0.8
Copyright (C) 2011-2014 by Yehuda Katz
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
@@ -427,11 +427,11 @@
instance.registerHelper('lookup', function (obj, field) {
if (!obj) {
return obj;
}
- if (field === 'constructor' && !obj.propertyIsEnumerable(field)) {
+ if (Utils.dangerousPropertyRegex.test(String(field)) && !Object.prototype.hasOwnProperty.call(obj, field)) {
return undefined;
}
return obj[field];
});
}
@@ -585,9 +585,12 @@
}
function appendContextPath(contextPath, id) {
return (contextPath ? contextPath + '.' : '') + id;
}
+
+ var dangerousPropertyRegex = /^(constructor|__defineGetter__|__defineSetter__|__lookupGetter__|__proto__)$/;
+ exports.dangerousPropertyRegex = dangerousPropertyRegex;
/***/ }),
/* 5 */
/***/ (function(module, exports, __webpack_require__) {
\ No newline at end of file