@bigcommerce/stencil-paper-handlebars
Advanced tools
@bigcommerce/stencil-paper-handlebars - npm Package Compare versions
Comparing version 4.4.4 to 4.4.6
@@ -5,2 +5,9 @@ # Changelog | ||
| ## 4.4.6 | ||
| - Removed path and fs modules from helpers.js, so it can be run on non-Nodejs environment | ||
| ## 4.4.5 | ||
| - Reverted escaping injected values | ||
| - Fix concat function to return SafeString object | ||
| ## 4.4.4 | ||
@@ -7,0 +14,0 @@ - Escape injected values |
@@ -1,23 +0,71 @@ | ||
| 'use strict'; | ||
| const helpersList = [ | ||
| 'all', | ||
| 'any', | ||
| 'assignVar', | ||
| 'block', | ||
| 'cdn', | ||
| 'compare', | ||
| 'concat', | ||
| 'contains', | ||
| 'decrementVar', | ||
| 'dynamicComponent', | ||
| 'encodeHtmlEntities', | ||
| 'for', | ||
| 'getContentImage', | ||
| 'getContentImageSrcset', | ||
| 'getFontLoaderConfig', | ||
| 'getFontsCollection', | ||
| 'getImage', | ||
| 'getImageManagerImage', | ||
| 'getImageManagerImageSrcset', | ||
| 'getImageSrcset', | ||
| 'getVar', | ||
| 'helperMissing', | ||
| 'if', | ||
| 'incrementVar', | ||
| 'inject', | ||
| 'join', | ||
| 'jsContext', | ||
| 'json', | ||
| 'lang', | ||
| 'langJson', | ||
| 'limit', | ||
| 'money', | ||
| 'nl2br', | ||
| 'occurrences', | ||
| 'or', | ||
| 'partial', | ||
| 'pluck', | ||
| 'pre', | ||
| 'region', | ||
| 'replace', | ||
| 'resourceHints', | ||
| 'setURLQueryParam', | ||
| 'snippets', | ||
| 'stripQuerystring', | ||
| 'stylesheet', | ||
| 'thirdParty', | ||
| 'toLowerCase', | ||
| 'truncate', | ||
| 'unless', | ||
| ]; | ||
| const fs = require('fs'); | ||
| const Path = require('path'); | ||
| const deprecatedHelpersList = [ | ||
| 'enumerate', | ||
| 'equals', | ||
| 'getShortMonth', | ||
| 'pick' | ||
| ]; | ||
| let helpers = []; | ||
| // Load helpers | ||
| fs.readdirSync(Path.join(__dirname, 'helpers')).forEach(filename => { | ||
| if (!fs.lstatSync(Path.join(__dirname, 'helpers', filename)).isDirectory()) { | ||
| helpers = helpers.concat(require('./helpers/' + filename)); | ||
| } | ||
| }); | ||
| helpersList.forEach(helper => { | ||
| helpers = [...helpers, ...require(`./helpers/${helper}.js`)]; | ||
| }) | ||
| // Load deprecated helpers | ||
| fs.readdirSync(Path.join(__dirname, 'helpers', 'deprecated')).forEach(filename => { | ||
| if (!fs.lstatSync(Path.join(__dirname, 'helpers', 'deprecated', filename)).isDirectory()) { | ||
| helpers = helpers.concat(require('./helpers/deprecated/' + filename)); | ||
| } | ||
| }); | ||
| deprecatedHelpersList.forEach(helper => { | ||
| helpers = [...helpers, ...require(`./helpers/deprecated/${helper}.js`)]; | ||
| }) | ||
| // Export full list of helpers | ||
| module.exports = helpers; |
| 'use strict'; | ||
| const SafeString = require('handlebars').SafeString; | ||
@@ -10,3 +11,3 @@ /** | ||
| return function(value, otherValue) { | ||
| return new globals.handlebars.SafeString(value + otherValue); | ||
| return new SafeString(value + otherValue); | ||
| }; | ||
@@ -13,0 +14,0 @@ }; |
| 'use strict'; | ||
| const factory = globals => { | ||
| function filterValues(value) { | ||
| let result = value; | ||
| try { | ||
| JSON.parse(value); | ||
| } catch (e) { | ||
| if (typeof value === 'string') { | ||
| result = globals.handlebars.escapeExpression(value); | ||
| } | ||
| if (typeof value === 'object' && value !== null && !Array.isArray(value)) { | ||
| result = filterObjectValues(value); | ||
| } | ||
| if (Array.isArray(value)) { | ||
| result = value.map(item => { | ||
| return filterValues(item); | ||
| }); | ||
| } | ||
| } | ||
| return result; | ||
| } | ||
| function filterObjectValues(obj) { | ||
| let filteredObject = {}; | ||
| Object.keys(obj).forEach(key => { | ||
| filteredObject[key] = filterValues(obj[key]); | ||
| }); | ||
| return filteredObject; | ||
| } | ||
| return function(key, value) { | ||
@@ -42,3 +15,3 @@ if (typeof value === 'function') { | ||
| // Store value for later use by jsContext | ||
| globals.storage.inject[key] = filterValues(value); | ||
| globals.storage.inject[key] = value; | ||
| }; | ||
@@ -45,0 +18,0 @@ }; |
| { | ||
| "name": "@bigcommerce/stencil-paper-handlebars", | ||
| "version": "4.4.4", | ||
| "version": "4.4.6", | ||
| "description": "A paper plugin to render pages using Handlebars.js", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -11,13 +11,2 @@ const Lab = require('lab'), | ||
| value2: "Commerce", | ||
| badChars: "&<>\"'`", | ||
| jsonString: JSON.stringify({"big": "commerce"}), | ||
| nested: { | ||
| firstName: "&<>", | ||
| lastName: "\"'`", | ||
| addresses: [ | ||
| { | ||
| street: "123 &<>\"'` St" | ||
| } | ||
| ], | ||
| }, | ||
| }; | ||
@@ -35,30 +24,2 @@ | ||
| }); | ||
| it('should escape strings', function(done) { | ||
| runTestCases([ | ||
| { | ||
| input: "{{inject 'filtered' badChars}}{{jsContext}}", | ||
| output: '"{\\"filtered\\":\\"&<>"'`\\"}"', | ||
| } | ||
| ], done); | ||
| }); | ||
| it('should exclude JSON strings from filtering', function(done) { | ||
| runTestCases([ | ||
| { | ||
| input: "{{inject 'filtered' jsonString}}{{jsContext}}", | ||
| output: '"{\\"filtered\\":\\"{\\\\\\"big\\\\\\":\\\\\\"commerce\\\\\\"}\\"}"', | ||
| } | ||
| ], done); | ||
| }); | ||
| it('should escape strings nested in objects and arrays', function(done) { | ||
| runTestCases([ | ||
| { | ||
| input: "{{inject 'filtered' nested}}{{jsContext}}", | ||
| output: '"{\\"filtered\\":{\\"firstName\\":\\"&<>\\",\\"lastName\\":\\""'`\\",\\"addresses\\":[{\\"street\\":\\"123 &<>"'` St\\"}]}}"', | ||
| } | ||
| ], done); | ||
| }); | ||
| }); |
@@ -34,2 +34,11 @@ const Lab = require('lab'), | ||
| }); | ||
| it('should work together with concat', function(done) { | ||
| runTestCases([ | ||
| { | ||
| input: '{{{json (concat \'Hello \' \'World\')}}}', | ||
| output: '"Hello World"', | ||
| }, | ||
| ], done); | ||
| }); | ||
| }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-25%
3
Worsened metrics
- Total package byte prevSize
- decreased by-0.5%
220108
- Lines of code
- decreased by-0.07%
6083
- Number of medium supply chain risk alerts
- increased by100%
2