Releases: YahooArchive/secure-handlebars
Updated dependencies
See notes of #145 for details
Enhancement of warning / error messages
v1.1.1 Version 1.1.1
Release workarounds for pre-escaping data for JS
Add warnings to non-data placements of partials, raw blocks, and {{&expression}}
- Add warnings to non-data placements of partials, raw blocks, and {{&expression}}
- Include hyperlink for warning resolution
- Expose public APIs preprocess() and compilePreprocessed() for secure-handlebars
- Leverage the latest html-decoder that is smaller is size
Fix the issue of escaped mustache handling
- Add the parsing logic to handle the escaped mustache markup.
Version 1.0.4
- Fix the parsing error of identifying single ID in the Handlebars escape expressions
- Exclude the escaping when a filter receives Handlebars.SafeString from upstream
Remove fs and path dependency
Removing the fs and path dependency in the package.json as both are supported natively in NodeJS.
Tentatively disable the IE conditional comment handling
- Tentatively disable the IE conditional comment handling in the template file
Include the dist javascript in the package (Beta)
v1.0.1-beta Version 1.0.1 Beta
Secure Handlebars v1.0.0 Beta
- rebrand as secure-handlebars. reset version number.
- facilitate client-side use by shipping distributable with handlebars, context-parser, and xss-filters bundled.
- support css parsing for style attributes
- support html input pre-processing and automatic parse error corrections.
Included as follows the release history of the previous package name - context-parser-handlebars:
context-parser-handlebars v2.0.0
api contextualize is not backward compatible with version 1
context-parser-handlebars v1.1.0
built AST tree before context analyzing.
context-parser-handlebars v1.0.6
fix the state inconsistent bug
fix full URI filter decision
context-parser-handlebars v1.0.5
add benchmark utility
handle {{&markup}} by skipping it.
rewrite the test cases with shared test patterns
clean up and remove duplicated code
context-parser-handlebars v1.0.4
fix the issue of line no and char no reporting in warning message
fix the issue of state propagation in branching template.
fix the issue of skipping all expressions within raw block.
add cite, background, longdesc, usemap and xlink:href as attribute name in URI context.
refactor code to make it more concise.
context-parser-handlebars v1.0.3
fix the html5 inconsistent state issue of <script> tag.
support raw block by skipping it.
enhance the debugging message of branching processing.
context-parser-handlebars v1.0.2
support raw, escape, partial, comment, branching (iteration), data variable expression parsing.
support Handlebars 3.0.0 whitespace control.
refactor the branching logic handling with new AST instead of Handlebars AST.
add expression validation before processing.
remove Handlebars 2.0.0 parser for parsing branching expression.
fix the issues of parsing comment expression.