handlebars
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Handlebars is a popular templating engine for JavaScript. It allows you to create templates with dynamic content that can be rendered with different contexts. It is commonly used to generate HTML for web pages, but can also be used for other types of text output.
Simple Templating
Handlebars allows you to iterate over an array and generate HTML for each item. In this example, 'people' is an array that is iterated over, and for each item, a paragraph element is created with the content of the item.
{{#each people}}<p>{{this}}</p>{{/each}}
Conditional Statements
You can use conditional statements in your templates to render different HTML based on the context. Here, if 'isAdmin' is true, a button is displayed; otherwise, a paragraph is shown.
{{#if isAdmin}}<button>Admin</button>{{else}}<p>Not an admin</p>{{/if}}
Custom Helpers
Handlebars allows you to define custom helpers that you can use in your templates. In this example, a 'loud' helper is created that converts a string to uppercase.
Handlebars.registerHelper('loud', function (aString) { return aString.toUpperCase(); });
Built-in Helpers
Handlebars provides built-in helpers like 'with' which you can use to change the context within a block. This example shows how to use the 'with' helper to access properties of an object without repeating the object name.
{{#with person}}<p>{{firstName}} {{lastName}}</p>{{/with}}
Partials
Partials are reusable template fragments in Handlebars. You can define a partial and then include it in other templates. This code shows how to include a partial named 'userMessage'.
{{> userMessage}}
Mustache is a logic-less template syntax that can be used for HTML, config files, source code, etc. It's similar to Handlebars but with fewer features and a focus on simplicity.
Pug, formerly known as Jade, is a high-performance template engine heavily influenced by Haml and implemented with JavaScript for Node.js and browsers. It offers a more terse syntax and compiles to HTML.
EJS, or Embedded JavaScript templates, is a simple templating language that lets you generate HTML markup with plain JavaScript. It is more straightforward than Handlebars, embedding JavaScript code directly in the template.
Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they should be.
Check out the official Handlebars docs site at http://www.handlebarsjs.com.
Installing Handlebars is easy. Simply download the package from the official site or the bower repository and add it to your web pages (you should usually use the most recent version).
For web browsers, a free CDN is available at jsDelivr. Advanced usage, such as version aliasing & concocting, is available.
Alternatively, if you prefer having the latest version of handlebars from the 'master' branch, passing builds of the 'master' branch are automatically published to S3. You may download the latest passing master build by grabbing a handlebars-latest.js file from the builds page. When the build is published, it is also available as a handlebars-gitSHA.js file on the builds page if you need a version to refer to others. handlebars-runtime.js builds are also available.
Note: The S3 builds page is provided as a convenience for the community, but you should not use it for hosting Handlebars in production.
In general, the syntax of Handlebars.js templates is a superset of Mustache templates. For basic syntax, check out the Mustache manpage.
Once you have a template, use the Handlebars.compile method to compile the template into a function. The generated function takes a context argument, which will be used to render the template.
var source = "<p>Hello, my name is {{name}}. I am from {{hometown}}. I have " +
"{{kids.length}} kids:</p>" +
"<ul>{{#kids}}<li>{{name}} is {{age}}</li>{{/kids}}</ul>";
var template = Handlebars.compile(source);
var data = { "name": "Alan", "hometown": "Somewhere, TX",
"kids": [{"name": "Jimmy", "age": "12"}, {"name": "Sally", "age": "4"}]};
var result = template(data);
// Would render:
// <p>Hello, my name is Alan. I am from Somewhere, TX. I have 2 kids:</p>
// <ul>
// <li>Jimmy is 12</li>
// <li>Sally is 4</li>
// </ul>
You can register helpers that Handlebars will use when evaluating your template. Here's an example, which assumes that your objects have a URL embedded in them, as well as the text for a link:
Handlebars.registerHelper('link_to', function() {
  return new Handlebars.SafeString(
    "<a href='" + Handlebars.Utils.escapeExpression(this.url) + "'>" +
    Handlebars.Utils.escapeExpression(this.body) + "</a>");
});
var context = { posts: [{url: "/hello-world", body: "Hello World!"}] };
var source = "<ul>{{#posts}}<li>{{link_to}}</li>{{/posts}}</ul>";
var template = Handlebars.compile(source);
template(context);
// Would render:
//
// <ul>
// <li><a href='/hello-world'>Hello World!</a></li>
// </ul>
Helpers take precedence over fields defined on the context. To access a field that is masked by a helper, a path reference may be used. In the example above a field named link_to on the context object would be referenced using:
{{./link_to}}
By default, the {{expression}} syntax will escape its contents. This helps to protect you against accidental XSS problems caused by malicious data passed from the server as JSON.
To explicitly not escape the contents, use the triple-mustache ({{{}}}). The link_to helper example further down, which takes a String parameter, uses it.
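The escaping rules above, worked through on hostile input. This is an added example, not code from the Handlebars project: escapeExpression here is a local stand-in for Handlebars.Utils.escapeExpression, and isSafeHref, linkUnescaped, linkHardened and the sample records are hypothetical names constructed for illustration.

```javascript
// Stand-in for Handlebars.Utils.escapeExpression (same seven characters),
// written here so the example runs without the library installed.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
                   "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;' };
function escapeExpression(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => ENTITIES[ch]);
}

// Hypothetical allow-list (not a Handlebars API): site-relative paths and
// http(s) URLs only. HTML escaping alone leaves "javascript:" intact.
function isSafeHref(url) {
  const s = String(url).trim();
  if (/^\/(?![\/\\])/.test(s)) return true; // "/path", but not "//host"
  try {
    const scheme = new URL(s).protocol;
    return scheme === 'http:' || scheme === 'https:';
  } catch (e) {
    return false; // not an absolute URL
  }
}

// What a helper rendered through {{{ }}} emits if it concatenates raw fields.
function linkUnescaped(post) {
  return "<a href='" + post.url + "'>" + post.body + "</a>";
}

// Hardened form: check the URL scheme first, then HTML-escape both fields.
function linkHardened(post) {
  const href = isSafeHref(post.url) ? post.url : '#';
  return "<a href='" + escapeExpression(href) + "'>" +
         escapeExpression(post.body) + "</a>";
}

// Constructed sample records, standing in for JSON received from a server.
const samples = [
  { url: '/hello-world', body: 'Hello World!' },
  { url: "/x' onmouseover='alert(1)", body: '<img src=x onerror=alert(1)>' },
  { url: 'javascript:alert(1)', body: 'click' },
];
for (const post of samples) {
  console.log('raw:      ' + linkUnescaped(post));
  console.log('hardened: ' + linkHardened(post));
}
```

The third record is the case to remember: escaping changes nothing in that URL, so a helper that builds an href needs a scheme check in addition to escapeExpression.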
Handlebars.js adds a couple of additional features to make writing templates easier and also changes a tiny detail of how partials work.
Handlebars.js supports an extended expression syntax that we call paths. Paths are made up of typical expressions and . characters. Expressions allow you to not only display data from the current context, but to display data from contexts that are descendants and ancestors of the current context.
To display data from descendant contexts, use the . character. So, for example, if your data were structured like:
var data = {"person": { "name": "Alan" }, "company": {"name": "Rad, Inc." } };
You could display the person's name from the top-level context with the following expression:
{{person.name}}
You can backtrack using ../. For example, if you've already traversed into the person object you could still display the company's name with an expression like {{../company.name}}, so:
{{#with person}}{{name}} - {{../company.name}}{{/with}}
would render:
Alan - Rad, Inc.
When calling a helper, you can pass paths or Strings as parameters. For instance:
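Handlebars.registerHelper('link_to', function(title, options) {
  // The template emits this helper with triple-mustache, so the helper
  // itself must escape every value it interpolates.
  return "<a href='/posts" + Handlebars.Utils.escapeExpression(this.url) + "'>" +
    Handlebars.Utils.escapeExpression(title) + "!</a>";
});
var context = { posts: [{url: "/hello-world", body: "Hello World!"}] };
var source = '<ul>{{#posts}}<li>{{{link_to "Post"}}}</li>{{/posts}}</ul>';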
var template = Handlebars.compile(source);
template(context);
// Would render:
//
// <ul>
// <li><a href='/posts/hello-world'>Post!</a></li>
// </ul>
When you pass a String as a parameter to a helper, the literal String gets passed to the helper function.
Handlebars.js also adds the ability to define block helpers. Block helpers are functions that can be called from anywhere in the template. Here's an example:
var source = "<ul>{{#people}}<li>{{#link}}{{name}}{{/link}}</li>{{/people}}</ul>";
Handlebars.registerHelper('link', function(options) {
return '<a href="/people/' + this.id + '">' + options.fn(this) + '</a>';
});
var template = Handlebars.compile(source);
var data = { "people": [
{ "name": "Alan", "id": 1 },
{ "name": "Yehuda", "id": 2 }
]};
template(data);
// Should render:
// <ul>
// <li><a href="/people/1">Alan</a></li>
// <li><a href="/people/2">Yehuda</a></li>
// </ul>
Whenever the block helper is called it is given one or more parameters, any arguments that are passed into the helper in the call, and an options object containing the fn function which executes the block's child. The block's current context may be accessed through this.
Block helpers have the same syntax as mustache sections but should not be confused with one another. Sections are akin to an implicit each or with statement depending on the input data and helpers are explicit pieces of code that are free to implement whatever behavior they like. The mustache spec defines the exact behavior of sections. In the case of name conflicts, helpers are given priority.
You can register additional templates as partials, which will be used by Handlebars when it encounters a partial ({{> partialName}}). Partials can either be String templates or compiled template functions. Here's an example:
var source = "<ul>{{#people}}<li>{{> link}}</li>{{/people}}</ul>";
Handlebars.registerPartial('link', '<a href="/people/{{id}}">{{name}}</a>')
var template = Handlebars.compile(source);
var data = { "people": [
{ "name": "Alan", "id": 1 },
{ "name": "Yehuda", "id": 2 }
]};
template(data);
// Should render:
// <ul>
// <li><a href="/people/1">Alan</a></li>
// <li><a href="/people/2">Yehuda</a></li>
// </ul>
You can add comments to your templates with the following syntax:
{{! This is a comment }}
You can also use real HTML comments if you want them to end up in the output.
<div>
{{! This comment will not end up in the output }}
<!-- This comment will show up in the output -->
</div>
There are a few Mustache behaviors that Handlebars does not implement.
compat flag must be set to enable this functionality. Users should note that there is a performance cost for enabling this flag. The exact cost varies by template, but it's recommended that performance sensitive operations should avoid this mode and instead opt for explicit path references.
Handlebars allows templates to be precompiled and included as JavaScript code rather than the Handlebars template, allowing for faster startup time.
The precompiler script may be installed via npm using the npm install -g handlebars command.
Precompile handlebar templates.
Usage: handlebars template...

Options:
  -a, --amd            Create an AMD format function (allows loading with RequireJS)  [boolean]
  -f, --output         Output File  [string]
  -k, --known          Known helpers  [string]
  -o, --knownOnly      Known helpers only  [boolean]
  -m, --min            Minimize output  [boolean]
  -s, --simple         Output template function only.  [boolean]
  -r, --root           Template root. Base value that will be stripped from template names.  [string]
  -c, --commonjs       Exports CommonJS style, path to Handlebars module  [string]
  -h, --handlebarPath  Path to handlebar.js (only valid for amd-style)  [string]
  -n, --namespace      Template namespace  [string]
  -p, --partial        Compiling a partial template  [boolean]
  -d, --data           Include data when compiling  [boolean]
  -e, --extension      Template extension.  [string]
  -b, --bom            Removes the BOM (Byte Order Mark) from the beginning of the templates.  [boolean]
If using the precompiler's normal mode, the resulting templates will be stored to the Handlebars.templates object using the relative template name sans the extension. These templates may be executed in the same manner as templates.
If using the simple mode the precompiler will generate a single javascript method. To execute this method it must be passed to the Handlebars.template method and the resulting object may be used as normal.
--known name argument may be used to optimize accesses to these helpers for size and speed.
--knownOnly argument may be used to optimize all block helper references.
@data variables can improve performance of iteration centric templates by specifying {data: false} in the compiler options.
Handlebars has been designed to work in any ECMAScript 3 environment. This includes
Older versions and other runtimes are likely to work but have not been formally tested. The compiler requires JSON.stringify to be implemented natively or via a polyfill. If using the precompiler this is not necessary.
In a rough performance test, precompiled Handlebars.js templates (in the original version of Handlebars.js) rendered in about half the time of Mustache templates. It would be a shame if it were any other way, since they were precompiled, but the difference in architecture does have some big performance advantages. Justin Marney, a.k.a. gotascii, confirmed that with an independent test. The rewritten Handlebars (current version) is faster than the old version, with many performance tests being 5 to 7 times faster than the Mustache equivalent.
See release-notes.md for upgrade notes.
See FAQ.md for known issues and common pitfalls.
Have a project using Handlebars? Send us a pull request!
Handlebars.js is released under the MIT license.
FAQs
The npm package handlebars receives a total of 11,274,662 weekly downloads. As such, handlebars is classified as popular.
We found that handlebars has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.