razorleaf - npm Package Compare versions
Comparing version 0.11.0 to 0.11.1
| "use strict"; | ||
| var format = require("index-format"); | ||
| var push = Array.prototype.push; | ||
@@ -11,44 +10,3 @@ var voidTags = [ | ||
| var templateUtilities = { | ||
| __amp: {value: /&/g, dependencies: []}, | ||
| __quot: {value: /"/g, dependencies: []}, | ||
| __lt: {value: /</g, dependencies: []}, | ||
| __gt: {value: />/g, dependencies: []}, | ||
| __escapeAttributeValue: { | ||
| value: "function(string) {\ | ||
| return ('' + string).replace(__amp, '&').replace(__quot, '"');\ | ||
| }", | ||
| dependencies: ["__amp", "__quot"] | ||
| }, | ||
| __escapeContent: { | ||
| value: "function(string) {\ | ||
| return ('' + string).replace(__amp, '&').replace(__lt, '<').replace(__gt, '>');\ | ||
| }", | ||
| dependencies: ["__amp", "__lt", "__gt"] | ||
| } | ||
| }; | ||
| function createUtilities(names) { | ||
| if(names.length === 0) { | ||
| return ""; | ||
| } | ||
| var used = {}; | ||
| var needed = names.slice(); | ||
| while(needed.length > 0) { | ||
| var name = needed.pop(); | ||
| if(!used.hasOwnProperty(name)) { | ||
| used[name] = templateUtilities[name].value; | ||
| push.apply(needed, templateUtilities[name].dependencies); | ||
| } | ||
| } | ||
| return "var " + Object.keys(used).map(function(name) { | ||
| return name + " = " + used[name]; | ||
| }).join(", ") + ";\n"; | ||
| } | ||
| function interpolateAttributeValue(utilities, value) { | ||
| function interpolateAttributeValue(value) { | ||
| var string = ""; | ||
@@ -78,4 +36,3 @@ var escaped = false; | ||
| } else { | ||
| string += "' + __escapeAttributeValue(("; | ||
| utilities.push("__escapeAttributeValue"); | ||
| string += "' + __utilities.escapeAttributeValue(("; | ||
| } | ||
@@ -100,3 +57,3 @@ | ||
| function interpolateContent(utilities, value) { | ||
| function interpolateContent(value) { | ||
| var string = ""; | ||
@@ -126,4 +83,3 @@ var escaped = false; | ||
| } else { | ||
| string += "' + __escapeContent(("; | ||
| utilities.push("__escapeContent"); | ||
| string += "' + __utilities.escapeContent(("; | ||
| } | ||
@@ -322,3 +278,3 @@ | ||
| function compileElement(utilities, variables, item) { | ||
| function compileElement(variables, item) { | ||
| var info = { | ||
@@ -342,6 +298,6 @@ content: new CodeString("__output") | ||
| if(child.value !== null) { | ||
| info.attributes.addString("=\"" + interpolateAttributeValue(utilities, child.value) + "\""); | ||
| info.attributes.addString("=\"" + interpolateAttributeValue(child.value) + "\""); | ||
| } | ||
| } else { | ||
| var compiled = compileElement(utilities, variables, child); | ||
| var compiled = compileElement(variables, child); | ||
@@ -365,3 +321,3 @@ if(compiled.attributes) { | ||
| case "string": | ||
| info.content.addString(interpolateContent(utilities, item)); | ||
| info.content.addString(interpolateContent(item)); | ||
@@ -378,7 +334,6 @@ break; | ||
| function compile(root) { | ||
| var utilities = []; | ||
| var variables = {}; | ||
| var code = root.children.map(function(item) { | ||
| var compiled = compileElement(utilities, variables, item); | ||
| var compiled = compileElement(variables, item); | ||
@@ -388,3 +343,3 @@ return compiled.content.string; | ||
| return createUtilities(utilities) + "var " + Object.keys(variables).map(function(variable) { | ||
| return "var " + Object.keys(variables).map(function(variable) { | ||
| return variable + ", "; | ||
@@ -391,0 +346,0 @@ }).join("") + "__output = '" + code + "';\nreturn __output;"; |
| { | ||
| "name": "razorleaf", | ||
| "version": "0.11.0", | ||
| "version": "0.11.1", | ||
| "main": "razorleaf.js", | ||
| "files": ["razorleaf.js", "compiler.js", "parser.js"], | ||
| "files": ["razorleaf.js", "compiler.js", "parser.js", "template-utilities.js"], | ||
| "description": "A template engine for HTML", | ||
@@ -7,0 +7,0 @@ "keywords": ["template", "bulbasaur"], |
@@ -5,2 +5,3 @@ "use strict"; | ||
| var parser = require("./parser"); | ||
| var __utilities = require("./template-utilities"); | ||
@@ -11,5 +12,5 @@ function compile(template) { | ||
| return new Function("data", code); | ||
| return eval("(function(data) {\n" + code + "\n})"); | ||
| } | ||
| module.exports.compile = compile; |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Improved metrics
- Number of package files
- increased by20%
6
- Number of medium supply chain risk alerts
- decreased by-50%
1
Worsened metrics
- Total package byte prevSize
- decreased by-3.85%
16482
- Lines of code
- decreased by-4.16%
507