Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

context-parser-handlebars

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

context-parser-handlebars

Handlebars Context PreCompiler

  • 1.0.2
  • npm
  • Socket score

Version published
Weekly downloads
1
decreased by-50%
Maintainers
1
Weekly downloads
 
Created
Source

Handlebars Context Pre-compiler

Handlebars Pre-compiler with Context Parser. This npm package provides a handy command line utility to pre-process the Handlebars template by adding customized filters based on the context analysis of the HTML5 pages without affecting the exisiting framework of using Handlebars for their web applications.

Overview

  • This pre-compiler processes the Handlebars template file by analyzing the execution context of output markup of the Handlebars based on the WHATWG HTML5 Specification. With the knowledge of the execution context, our pre-compiler can add the correct output filters to the Handlebars template file to defend against XSS automatically.

Quick Start

Install the npm context-parser-handlebars from the npm repo.

npm install context-parser-handlebars

Server-side (command line)

Prepare a simple handlebars template file.

cat <handlebars template file>
<html><title>{{title}}</title></html>

Run the handlebars template file with our Handlebars Pre-compiler and context filter is added.

./bin/handlebarspc <handlebars template file>
<html><title>{{{yd title}}}</title></html>

The new pre-compiled template file is compatible with vanilla Handlebars and those can be used in the vanilla Handlebars with our new secure-handlebars-helpers in the client side!

Note: the default 'h' filter in Handlebars is disabled with raw {{{expression}}}.

Server-side (nodejs)

Analyze the execution context of HTML 5 web page in server side.

/* create the context parser */
var ContextParserHandlebars = require("context-parser-handlebars");
var parser = new ContextParserHandlebars();

/* read the html web page */
var data = '<html><title>{{title}}</title></html>';

/* analyze the execution context */
try {
    parser.contextualize(data);
    /* the output is the new handlebars template file with context filter added! 
       var output = '<html><title>{{{yd title}}}</title></html>';
    */
    var output = parser.getBuffer().join('');
} catch (err) {
    ...
}
...

Development

How to test

npm test

Build

Build Status

Limitations

  • Our approach is the static analysis of the template file in which dynamic data affecting the execution context of the HTML5 page cannot be handled by our pre-compiler.
  • We handle HTML specification only, we don't support Javascript and CSS context right now!
  • We assume that the in state and out state of partial is DATA state now!

License

This software is free to use under the BSD license. See the LICENSE file for license text and copyright information.

Keywords

FAQs

Package last updated on 26 Feb 2015

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc