handlebars.runtime.js in handlebars-source-4.6.0 vs handlebars.runtime.js in handlebars-source-4.7.0
- old
+ new
@@ -1,9 +1,9 @@
/**!
@license
- handlebars v4.6.0
+ handlebars v4.7.0
Copyright (C) 2011-2019 by Yehuda Katz
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
@@ -109,11 +109,11 @@
var _handlebarsRuntime = __webpack_require__(33);
var runtime = _interopRequireWildcard(_handlebarsRuntime);
- var _handlebarsNoConflict = __webpack_require__(42);
+ var _handlebarsNoConflict = __webpack_require__(43);
var _handlebarsNoConflict2 = _interopRequireDefault(_handlebarsNoConflict);
// For compatibility and usage outside of module systems, make the Handlebars object a namespace
function create() {
@@ -205,11 +205,11 @@
var _logger = __webpack_require__(31);
var _logger2 = _interopRequireDefault(_logger);
- var VERSION = '4.6.0';
+ var VERSION = '4.7.0';
exports.VERSION = VERSION;
var COMPILER_REVISION = 8;
exports.COMPILER_REVISION = COMPILER_REVISION;
var LAST_COMPATIBLE_COMPILER_REVISION = 7;
@@ -1238,11 +1238,11 @@
var _helpers = __webpack_require__(9);
var _internalWrapHelper = __webpack_require__(38);
- var _internalCreateNewLookupObject = __webpack_require__(39);
+ var _internalProtoAccess = __webpack_require__(39);
function checkRevision(compilerInfo) {
var compilerRevision = compilerInfo && compilerInfo[0] || 1,
currentRevision = _base.COMPILER_REVISION;
@@ -1287,12 +1287,11 @@
}
partial = env.VM.resolvePartial.call(this, partial, context, options);
var extendedOptions = Utils.extend({}, options, {
hooks: this.hooks,
- allowedProtoMethods: this.allowedProtoMethods,
- allowedProtoProperties: this.allowedProtoProperties
+ protoAccessControl: this.protoAccessControl
});
var result = env.VM.invokePartial.call(this, partial, context, extendedOptions);
if (result == null && env.compile) {
@@ -1327,16 +1326,18 @@
}
return obj[name];
},
lookupProperty: function lookupProperty(parent, propertyName) {
var result = parent[propertyName];
+ if (result == null) {
+ return result;
+ }
if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {
return result;
}
- var whitelist = typeof result === 'function' ? container.allowedProtoMethods : container.allowedProtoProperties;
- if (whitelist[propertyName] === true) {
+ if (_internalProtoAccess.resultIsAllowed(result, container.protoAccessControl, propertyName)) {
return result;
}
return undefined;
},
lookup: function lookup(depths, name) {
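Review bot: The added `if (result == null)` short-circuit in lookupProperty has no comment, yet it changes which lookups reach the access check: a missing or null-valued inherited property now returns before `resultIsAllowed` is called and so never produces the denial log. I would put `// null/undefined discloses nothing, so skip the prototype-access check and its log message` above it. Note also that `parent[propertyName]` is read in the unchanged context line before the decision is made, so an inherited getter still runs for a name that ends up denied. The body of lookupProperty is fully inside this hunk, but the enclosing container object is not.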
@@ -1415,13 +1416,15 @@
}
function main(context /*, options*/) {
return '' + templateSpec.main(container, context, container.helpers, container.partials, data, blockParams, depths);
}
+
main = executeDecorators(templateSpec.main, main, container, options.depths || [], data, blockParams);
return main(context, options);
}
+
ret.isTop = true;
ret._setup = function (options) {
if (!options.partial) {
var mergedHelpers = Utils.extend({}, env.helpers, options.helpers);
@@ -1435,19 +1438,17 @@
if (templateSpec.usePartial || templateSpec.useDecorators) {
container.decorators = Utils.extend({}, env.decorators, options.decorators);
}
container.hooks = {};
- container.allowedProtoProperties = _internalCreateNewLookupObject.createNewLookupObject(options.allowedProtoProperties);
- container.allowedProtoMethods = _internalCreateNewLookupObject.createNewLookupObject(options.allowedProtoMethods);
+ container.protoAccessControl = _internalProtoAccess.createProtoAccessControl(options);
var keepHelperInHelpers = options.allowCallsToHelperMissing || templateWasPrecompiledWithCompilerV7;
_helpers.moveHelperToHooks(container, 'helperMissing', keepHelperInHelpers);
_helpers.moveHelperToHooks(container, 'blockHelperMissing', keepHelperInHelpers);
} else {
- container.allowedProtoProperties = options.allowedProtoProperties;
- container.allowedProtoMethods = options.allowedProtoMethods;
+ container.protoAccessControl = options.protoAccessControl; // internal option
container.helpers = options.helpers;
container.partials = options.partials;
container.decorators = options.decorators;
container.hooks = options.hooks;
}
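Review bot: In the `else` (partial) branch, `container.protoAccessControl = options.protoAccessControl; // internal option` copies the access policy from the options object without checking its shape. If `_setup` is ever reached with `partial` set and no `protoAccessControl`, the later `protoAccessControl.methods` read in resultIsAllowed would throw; whether callers other than the partial-invocation wrapper can reach this branch is not visible from the hunk. The comment should at least say who is expected to set the value, e.g. `// internal: populated by the partial-invocation wrapper, never from user-supplied runtime options`. The `_setup` function begins and ends outside this hunk.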
@@ -1638,28 +1639,63 @@
'use strict';
var _Object$create = __webpack_require__(40)['default'];
+ var _interopRequireWildcard = __webpack_require__(1)['default'];
+
exports.__esModule = true;
- exports.createNewLookupObject = createNewLookupObject;
+ exports.createProtoAccessControl = createProtoAccessControl;
+ exports.resultIsAllowed = resultIsAllowed;
- var _utils = __webpack_require__(4);
+ var _createNewLookupObject = __webpack_require__(42);
- /**
- * Create a new object with "null"-prototype to avoid truthy results on prototype properties.
- * The resulting object can be used with "object[property]" to check if a property exists
- * @param {...object} sources a varargs parameter of source objects that will be merged
- * @returns {object}
- */
+ var _logger = __webpack_require__(31);
- function createNewLookupObject() {
- for (var _len = arguments.length, sources = Array(_len), _key = 0; _key < _len; _key++) {
- sources[_key] = arguments[_key];
+ var logger = _interopRequireWildcard(_logger);
+
+ function createProtoAccessControl(runtimeOptions) {
+ var defaultMethodWhiteList = _Object$create(null);
+ defaultMethodWhiteList['constructor'] = false;
+ defaultMethodWhiteList['__defineGetter__'] = false;
+ defaultMethodWhiteList['__defineSetter__'] = false;
+ defaultMethodWhiteList['__lookupGetter__'] = false;
+
+ var defaultPropertyWhiteList = _Object$create(null);
+ // eslint-disable-next-line no-proto
+ defaultPropertyWhiteList['__proto__'] = false;
+
+ return {
+ properties: {
+ whitelist: _createNewLookupObject.createNewLookupObject(defaultPropertyWhiteList, runtimeOptions.allowedProtoProperties),
+ defaultValue: runtimeOptions.allowProtoPropertiesByDefault
+ },
+ methods: {
+ whitelist: _createNewLookupObject.createNewLookupObject(defaultMethodWhiteList, runtimeOptions.allowedProtoMethods),
+ defaultValue: runtimeOptions.allowProtoMethodsByDefault
+ }
+ };
+ }
+
+ function resultIsAllowed(result, protoAccessControl, propertyName) {
+ if (typeof result === 'function') {
+ return checkWhiteList(protoAccessControl.methods, propertyName);
+ } else {
+ return checkWhiteList(protoAccessControl.properties, propertyName);
}
+ }
- return _utils.extend.apply(undefined, [_Object$create(null)].concat(sources));
+ function checkWhiteList(protoAccessControlForType, propertyName) {
+ if (protoAccessControlForType.whitelist[propertyName] !== undefined) {
+ return protoAccessControlForType.whitelist[propertyName] === true;
+ }
+ if (protoAccessControlForType.defaultValue !== undefined) {
+ return protoAccessControlForType.defaultValue;
+ }
+ // eslint-disable-next-line no-console
+ logger.log('error', 'Handlebars: Access has been denied to resolve the property "' + propertyName + '" because it is not an "own property" of its parent.\n' + 'You can add a runtime option to disable the check or this warning:\n' + 'See http://localhost:8080/api-reference/runtime-options.html#options-to-control-prototype-access for details');
+ return false;
}
/***/ }),
/* 40 */
/***/ (function(module, exports, __webpack_require__) {
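Review bot: The default deny entries added in createProtoAccessControl cover `constructor`, `__defineGetter__`, `__defineSetter__` and `__lookupGetter__` but not `__lookupSetter__`, so with `allowProtoMethodsByDefault` set that one name falls through to `defaultValue` in checkWhiteList. I would add `defaultMethodWhiteList['__lookupSetter__'] = false;` next to the other four. The caller's `allowedProtoMethods` is passed to createNewLookupObject after the defaults, so it presumably overrides them (the `extend` helper is not visible here); a comment stating that this override is intended would help. Separately, the denial message in checkWhiteList links to `http://localhost:8080/...`, which a reader of a production log cannot reach, and should point at the published documentation instead.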
@@ -1675,9 +1711,37 @@
return $.create(P, D);
};
/***/ }),
/* 42 */
+/***/ (function(module, exports, __webpack_require__) {
+
+ 'use strict';
+
+ var _Object$create = __webpack_require__(40)['default'];
+
+ exports.__esModule = true;
+ exports.createNewLookupObject = createNewLookupObject;
+
+ var _utils = __webpack_require__(4);
+
+ /**
+ * Create a new object with "null"-prototype to avoid truthy results on prototype properties.
+ * The resulting object can be used with "object[property]" to check if a property exists
+ * @param {...object} sources a varargs parameter of source objects that will be merged
+ * @returns {object}
+ */
+
+ function createNewLookupObject() {
+ for (var _len = arguments.length, sources = Array(_len), _key = 0; _key < _len; _key++) {
+ sources[_key] = arguments[_key];
+ }
+
+ return _utils.extend.apply(undefined, [_Object$create(null)].concat(sources));
+ }
+
+/***/ }),
+/* 43 */
/***/ (function(module, exports) {
/* WEBPACK VAR INJECTION */(function(global) {'use strict';
exports.__esModule = true;
\ No newline at end of file