Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
handlebars
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Handlebars is a popular templating engine for JavaScript. It allows you to create templates with dynamic content that can be rendered with different contexts. It is commonly used to generate HTML for web pages, but can also be used for other types of text output.
Simple Templating
Handlebars allows you to iterate over an array and generate HTML for each item. In this example, 'people' is an array that is iterated over, and for each item, a paragraph element is created with the content of the item.
{{#each people}}<p>{{this}}</p>{{/each}}
Conditional Statements
You can use conditional statements in your templates to render different HTML based on the context. Here, if 'isAdmin' is true, a button is displayed; otherwise, a paragraph is shown.
{{#if isAdmin}}<button>Admin</button>{{else}}<p>Not an admin</p>{{/if}}
Custom Helpers
Handlebars allows you to define custom helpers that you can use in your templates. In this example, a 'loud' helper is created that converts a string to uppercase.
Handlebars.registerHelper('loud', function (aString) { return aString.toUpperCase(); });
Built-in Helpers
Handlebars provides built-in helpers like 'with' which you can use to change the context within a block. This example shows how to use the 'with' helper to access properties of an object without repeating the object name.
{{#with person}}<p>{{firstName}} {{lastName}}</p>{{/with}}
Partials
Partials are reusable template fragments in Handlebars. You can define a partial and then include it in other templates. This code shows how to include a partial named 'userMessage'.
{{> userMessage}}
Mustache is a logic-less template syntax that can be used for HTML, config files, source code, etc. It's similar to Handlebars but with fewer features and a focus on simplicity.
Pug, formerly known as Jade, is a high-performance template engine heavily influenced by Haml and implemented with JavaScript for Node.js and browsers. It offers a more terse syntax and compiles to HTML.
EJS, or Embedded JavaScript templates, is a simple templating language that lets you generate HTML markup with plain JavaScript. It is more straightforward than Handlebars, embedding JavaScript code directly in the template.
Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they should be.
Check out the official Handlebars docs site at http://www.handlebarsjs.com and the live demo at http://tryhandlebarsjs.com/.
See our installation documentation.
In general, the syntax of Handlebars.js templates is a superset of Mustache templates. For basic syntax, check out the Mustache manpage.
Once you have a template, use the Handlebars.compile method to compile the template into a function. The generated function takes a context argument, which will be used to render the template.
var source = "<p>Hello, my name is {{name}}. I am from {{hometown}}. I have " +
             "{{kids.length}} kids:</p>" +
             "<ul>{{#kids}}<li>{{name}} is {{age}}</li>{{/kids}}</ul>";
var template = Handlebars.compile(source);

var data = { "name": "Alan", "hometown": "Somewhere, TX",
             "kids": [{"name": "Jimmy", "age": "12"}, {"name": "Sally", "age": "4"}]};
var result = template(data);

// Would render:
// <p>Hello, my name is Alan. I am from Somewhere, TX. I have 2 kids:</p>
// <ul>
//   <li>Jimmy is 12</li>
//   <li>Sally is 4</li>
// </ul>
Full documentation and more examples are at handlebarsjs.com.
Handlebars allows templates to be precompiled and included as JavaScript code rather than as Handlebars templates, which allows for faster startup time. Full details are located here.
Handlebars.js adds a couple of additional features to make writing templates easier and also changes a tiny detail of how partials work.
Block expressions have the same syntax as mustache sections but should not be confused with one another. Sections are akin to an implicit each or with statement depending on the input data and helpers are explicit pieces of code that are free to implement whatever behavior they like. The mustache spec defines the exact behavior of sections. In the case of name conflicts, helpers are given priority.
There are a few Mustache behaviors that Handlebars does not implement.
compat flag must be set to enable this functionality. Users should note that there is a performance cost for enabling this flag. The exact cost varies by template, but it's recommended that performance sensitive operations should avoid this mode and instead opt for explicit path references.
Handlebars has been designed to work in any ECMAScript 3 environment. This includes
Older versions and other runtimes are likely to work but have not been formally tested. The compiler requires JSON.stringify to be implemented natively or via a polyfill. If using the precompiler this is not necessary.
In a rough performance test, precompiled Handlebars.js templates (in the original version of Handlebars.js) rendered in about half the time of Mustache templates. It would be a shame if it were any other way, since they were precompiled, but the difference in architecture does have some big performance advantages. Justin Marney, a.k.a. gotascii, confirmed that with an independent test. The rewritten Handlebars (current version) is faster than the old version, with many performance tests being 5 to 7 times faster than the Mustache equivalent.
See release-notes.md for upgrade notes.
See FAQ.md for known issues and common pitfalls.
Have a project using Handlebars? Send us a pull request!
Handlebars.js is released under the MIT license.
FAQs
The npm package handlebars receives a total of 16,317,744 weekly downloads. As such, the popularity of handlebars was classified as popular.
We found that handlebars demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.