@tko/binding.template
| import { | ||
| extend, arrayPushAll, parseHtmlFragment | ||
| } from '@tko/utils'; | ||
| import { | ||
| renderTemplate, anonymousTemplate, templateEngine | ||
| } from '../src'; | ||
| export function dummyTemplateEngine(templates) { | ||
| var inMemoryTemplates = templates || {}; | ||
| var inMemoryTemplateData = {}; | ||
| function dummyTemplateSource(id) { | ||
| this.id = id; | ||
| } | ||
| dummyTemplateSource.prototype = { | ||
| text: function(val) { | ||
| if (arguments.length >= 1) | ||
| inMemoryTemplates[this.id] = val; | ||
| return inMemoryTemplates[this.id]; | ||
| }, | ||
| data: function(key, val) { | ||
| if (arguments.length >= 2) { | ||
| inMemoryTemplateData[this.id] = inMemoryTemplateData[this.id] || {}; | ||
| inMemoryTemplateData[this.id][key] = val; | ||
| } | ||
| return (inMemoryTemplateData[this.id] || {})[key]; | ||
| } | ||
| }; | ||
| this.makeTemplateSource = function(template) { | ||
| if (typeof template == "string") | ||
| return new dummyTemplateSource(template); // Named template comes from the in-memory collection | ||
| else if ((template.nodeType == 1) || (template.nodeType == 8)) | ||
| return new anonymousTemplate(template); // Anonymous template | ||
| }; | ||
| this.renderTemplateSource = function (templateSource, bindingContext, rt_options, templateDocument) { | ||
| var data = bindingContext['$data']; | ||
| if (data && typeof data.get_value === 'function') { | ||
| // For cases when data is an Identifier/Expression. | ||
| data = data.get_value(data, bindingContext); | ||
| } | ||
| templateDocument = templateDocument || document; | ||
| rt_options = rt_options || {}; | ||
| var templateText = templateSource.text(); | ||
| if (typeof templateText == "function") | ||
| templateText = templateText(data, rt_options); | ||
| templateText = rt_options.showParams ? templateText + ", data=" + data + ", options=" + rt_options : templateText; | ||
| // var templateOptions = options.templateOptions; // Have templateOptions in scope to support [js:templateOptions.foo] syntax | ||
| var result; | ||
| data = data || {}; | ||
| // Rollup mangles `data` to e.g. `data$$1`. This workaround works | ||
| // as long as nomangle$data doesn't appear anywhere not in tests. | ||
| const nomangle$data = data | ||
| window.__prevent_tree_shaking__ = nomangle$data | ||
| delete window.__prevent_tree_shaking__ | ||
| rt_options.templateRenderingVariablesInScope = rt_options.templateRenderingVariablesInScope || {}; | ||
| extend(data, rt_options.templateRenderingVariablesInScope); | ||
| // Dummy [renderTemplate:...] syntax | ||
| result = templateText.replace(/\[renderTemplate\:(.*?)\]/g, function (match, templateName) { | ||
| return renderTemplate(templateName, data, rt_options); | ||
| }); | ||
| var evalHandler = function (match, script) { | ||
| try { | ||
| var evalResult = eval(script); | ||
| return (evalResult === null) || (evalResult === undefined) ? "" : evalResult.toString(); | ||
| } catch (ex) { | ||
| throw new Error("Error evaluating script: [js: " + script + "]\n\nException: " + ex.toString()); | ||
| } | ||
| }; | ||
| // Dummy [[js:...]] syntax (in case you need to use square brackets inside the expression) | ||
| result = result.replace(/\[\[js\:([\s\S]*?)\]\]/g, evalHandler); | ||
| // Dummy [js:...] syntax | ||
| result = result.replace(/\[js\:([\s\S]*?)\]/g, evalHandler); | ||
| /*with (bindingContext) { | ||
| with (data || {}) { | ||
| with (options.templateRenderingVariablesInScope || {}) { | ||
| } | ||
| } | ||
| }*/ | ||
| // Use same HTML parsing code as real template engine so as to trigger same combination of IE weirdnesses | ||
| // Also ensure resulting nodelist is an array to mimic what the default templating engine does, so we see the effects of not being able to remove dead memo comment nodes. | ||
| return arrayPushAll([], parseHtmlFragment(result, templateDocument)); | ||
| }; | ||
| this.rewriteTemplate = function (template, rewriterCallback, templateDocument) { | ||
| // Only rewrite if the template isn't a function (can't rewrite those) | ||
| var templateSource = this.makeTemplateSource(template, templateDocument); | ||
| if (typeof templateSource.text() != "function") | ||
| return templateEngine.prototype.rewriteTemplate.call(this, template, rewriterCallback, templateDocument); | ||
| }; | ||
| this.createJavaScriptEvaluatorBlock = function (script) { return "[js:" + script + "]"; }; | ||
| } | ||
| dummyTemplateEngine.prototype = new templateEngine(); |
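Review bot: `evalHandler` inside `renderTemplateSource` hands every `[js:...]` and `[[js:...]]` capture to a direct `eval(script)`, so any template text that reaches this engine runs as code with `data`, `bindingContext` and `rt_options` in scope. The names and comments suggest the engine is a test double, but the same change adds `"helpers/"` to `files` in package.json, which may be where this file lives and would then ship it in the published package. I would put a header comment on the export, for example `// Test-only helper: [js:...] blocks are eval()'d; never pass templates from an untrusted source.`, and reconsider whether the helper needs to be published with the runtime code at all. The error thrown from the `catch` also echoes the full script text, which is worth keeping out of production logs.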
| /*! | ||
| * TKO Template bindings 🥊 @tko/binding.template@4.0.0-alpha8 | ||
| * TKO Template bindings 🥊 @tko/binding.template@4.0.0-alpha8.0 | ||
| * (c) The Knockout.js Team - https://tko.io | ||
@@ -4,0 +4,0 @@ * License: MIT (http://www.opensource.org/licenses/mit-license.php) |
| /*! | ||
| * TKO Template bindings 🥊 @tko/binding.template@4.0.0-alpha8 | ||
| * TKO Template bindings 🥊 @tko/binding.template@4.0.0-alpha8.0 | ||
| * (c) The Knockout.js Team - https://tko.io | ||
@@ -4,0 +4,0 @@ * License: MIT (http://www.opensource.org/licenses/mit-license.php) |
+13
-12
| { | ||
| "name": "@tko/binding.template", | ||
| "version": "4.0.0-alpha8", | ||
| "version": "4.0.0-alpha8.0", | ||
| "description": "TKO Template bindings", | ||
| "module": "dist/binding.template.js", | ||
| "files": [ | ||
| "dist/" | ||
| "dist/", | ||
| "helpers/" | ||
| ], | ||
@@ -25,6 +26,6 @@ "repository": { | ||
| "dependencies": { | ||
| "@tko/bind": "^4.0.0-alpha8", | ||
| "@tko/computed": "^4.0.0-alpha7.4", | ||
| "@tko/observable": "^4.0.0-alpha7.4", | ||
| "@tko/utils": "^4.0.0-alpha7.4", | ||
| "@tko/bind": "^4.0.0-alpha8.0", | ||
| "@tko/computed": "^4.0.0-alpha8.0", | ||
| "@tko/observable": "^4.0.0-alpha8.0", | ||
| "@tko/utils": "^4.0.0-alpha8.0", | ||
| "tslib": "^1.8.0" | ||
@@ -38,3 +39,3 @@ }, | ||
| "devDependencies": { | ||
| "@tko/binding.if": "^4.0.0-alpha8" | ||
| "@tko/binding.if": "^4.0.0-alpha8.0" | ||
| }, | ||
@@ -50,6 +51,6 @@ "__about__shared.package.json": "These properties are copied into all packages/*/package.json. Run `yarn repackage`", | ||
| "scripts": { | ||
| "test": "karma start ../../karma.conf.js --once", | ||
| "build": "rollup -c ../../rollup.config.js", | ||
| "watch": "karma start ../../karma.conf.js", | ||
| "prepare": "rollup -c ../../rollup.config.js" | ||
| "test": "npx karma start ../../karma.conf.js --once", | ||
| "build": "npx rollup -c ../../rollup.config.js", | ||
| "watch": "npx karma start ../../karma.conf.js", | ||
| "prepare": "npx rollup -c ../../rollup.config.js" | ||
| }, | ||
@@ -65,3 +66,3 @@ "publishConfig": { | ||
| ], | ||
| "gitHead": "6a7218f1f1c8cc0bfb308094ed448ac3d69ac451" | ||
| "gitHead": "b54a8edff45bb0bb0788d363d0dbb7f2aec2e37d" | ||
| } |
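Review bot: The `test`, `build`, `watch` and `prepare` scripts now call `npx karma` / `npx rollup`, and npx can fall back to fetching the tool from the registry when it is not found locally. No rollup or karma version is declared in the `devDependencies` visible here; they are presumably provided by the workspace root. Because `prepare` runs automatically before publish and on installs from a git source, an unpinned fetch at that point is a supply-chain exposure. Package scripts already have `node_modules/.bin` on PATH, so the plain `rollup -c ../../rollup.config.js` form is sufficient. If npx is kept, `"prepare": "npx --no-install rollup -c ../../rollup.config.js"` makes a missing local install fail instead of downloading.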
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package