jqtpl - npm Package Compare versions

Comparing version 1.0.8 to 1.0.9

lib/jqtpl.js

@@ -136,6 +136,8 @@ /*jslint evil: true*/
                 .replace(/\r/g, '\\r')
+                .replace(/\t/g, '\\t')
                 .replace(/\$\{([^\}]*)\}/g, '{{= $1}}')
                 .replace(/\{\{(\/?)(\w+|.)(?:\(((?:[^\}]|\}(?!\}))*?)?\))?(?:\s+(.*?)?)?(\(((?:[^\}]|\}(?!\}))*?)\))?\s*\}\}/g,
                     function(all, slash, type, fnargs, target, parens, args) {
-                        var tag = exports.tag[type], def, expr, exprAutoFnDetect;
+                        var tag = exports.tag[type], def, expr, exprAutoFnDetect,
+                            rEscapedWhite = /\\n|\\t|\\r/g;
 
@@ -154,4 +156,11 @@ if (!tag) {
                         if (target) {
-                            target = unescape(target);
-                            args = args ? (',' + unescape(args) + ')') : (parens ? ')' : '');
+                            target = unescape(target).replace(rEscapedWhite, '');
+
+                            if (args) {
+                                args = ',' + unescape(args) + ')';
+                                args = args.replace(rEscapedWhite, '');
+                            } else {
+                                args = parens ? ')' : '';
+                            }
+
                             // Support for target being things like a.toLowerCase();
@@ -158,0 +167,0 @@ // In that case don't call with template item as 'this' pointer. Just evaluate...

package.json

 {
     "name": "jqtpl",
     "description": "A port of jQuery's template engine",
-    "version": "1.0.8",
+    "version": "1.0.9",
     "author": "Oleg Slobodskoi <oleg008@gmail.com>",
@@ -6,0 +6,0 @@ "contributors": [

test/jqtpl.js

@@ -136,1 +136,41 @@ QUnit.module('jqtpl');
 });
+
+test('preserve whitespaces', function() {
+    var html;
+
+    try {
+        html = tmpl(
+            '<div>\n{{= [{\tkey: \n"value"\r}] }}\n</div>', 
+            {}
+        );
+        ok(true, 'no compilation errors');
+    } catch(err) {
+        ok(false, err.message);
+    }
+
+    equal(
+        html,
+        '<div>\n[object Object]\n</div>',
+        'whitespaces preserved'
+    );
+
+    try {
+        html = tmpl(
+            '<div>\n{{= someFunction({\tkey: \n"value"\r}) }}\n</div>', 
+            {
+                someFunction: function(data) {
+                    return 'some text ' + data.key;       
+                }
+            }
+        );
+        ok(true, 'no compilation errors');
+    } catch(err) {
+        ok(false, err.message);
+    }
+
+    equal(
+        html,
+        '<div>\nsome text value\n</div>',
+        'whitespaces preserved'
+    );
+});

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26032

increased by4.83%

Lines of code

562

increased by7.87%

Number of medium supply chain risk alerts

1

decreased by-50%

No dependency changes