Comparing changes
Open a pull request
- 20 commits
- 22 files changed
- 3 contributors
Commits on Feb 7, 2019
-
fix: disallow access to the constructor in templates to prevent RCE
This commit fixes a Remote Code Execution (RCE) reported by npm-security. Access to non-enumerable "constructor"-properties is now prohibited by the compiled template-code, because this the first step on the way to creating and execution arbitrary JavaScript code. The vulnerability affects systems where an attacker is allowed to inject templates into the Handlebars setup. Further details of the attack may be disclosed by npm-security. Closes #1267 Closes #1495
-
-
-
-
Commits on Feb 18, 2019
-
test: add test for NodeJS compatibility
The test is a simple addition to the existing tests. It should ensure that the built Handlebars artifact only uses language features that are available in old versions of NodeJS. A simple program and the precompiler are started with NodeJS 0.10 to 11
-
refactor: replace "async" with "neo-async"
The main reason is that neo-async takes a lot less space due to the missing lodash-dependency. The other is speed. closes #1431
Commits on Feb 19, 2019
-
Merge pull request #1500 from wycats/neo-async
Use `neo-async` instead of `async
-
Commits on Feb 21, 2019
Commits on Mar 13, 2019
Commits on Mar 14, 2019
-
Merge pull request #1504 from liqiang372/deprecate-substr-method
deprecate substr method and use existing strip function in grammar
Commits on Mar 15, 2019
-
test: make security testcase internet explorer compatible
Internet Explorer does not support the 'class Testclass {}' notation, and tests are not compiled using babel. closes #1497 -
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v4.1.0...v4.1.1