AtHeartEngineer/ejs
1
0
Fork 0
mirror of https://github.com/CryptKeeperZK/ejs.git synced 2026-01-09 07:27:56 -05:00
Code Issues Packages Projects Releases Wiki Activity
3,158 Commits 1 Branch 0 Tags
576283bb5db2f5b6d2c9f979163a84644f581697
Commit Graph

3158 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mde
576283bb5d Move to utils, handle older runtimes, fix tests 2021-05-31 13:29:51 -07:00
Matthew Eernisse
61b6616fd3 Merge pull request #601 from nicdumz/main 
Mitigate prototype pollution effects
 2021-05-31 12:40:23 -07:00
Nicolas Dumazet
be9a9bb397 Create Objects without prototypes. 
This generally helps mitigate prototype pollution: even if another
library allows prototype pollution, ejs will not allow escalating this
into Remote Code Execution.
 2021-05-31 21:37:02 +02:00
Nicolas Dumazet
15ee698583 Sanitize option names. 
This prevents injection of arbitrary code if the server is already
vulnerable to prototype poisoning. This resolves #451.

I deliberately opted to not support complex Unicode identifiers even
though they're valid JS identifiers. They're complex to validate and
users probably shouldn't even try to be that creative.
 2021-05-30 07:00:58 +02:00
Matthew Eernisse
c120527315 Merge pull request #598 from mde/dependabot/npm_and_yarn/lodash-4.17.21 
Bump lodash from 4.17.20 to 4.17.21
 2021-05-11 08:42:20 -07:00
dependabot[bot]
cfa273264b Bump lodash from 4.17.20 to 4.17.21 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-11 11:10:00 +00:00
Matthew Eernisse
c594d0e099 Merge pull request #585 from db-developer/main 
fixed some situations...
 2021-03-01 11:16:05 -08:00
db-developer
9932bd932a add basic unit testing of utils.js 2021-03-01 10:49:25 +01:00
db-developer
5ea89773a2 fixed some situations where null or undefined on 'to', 'from' or 'list' would throw exceptions 2021-03-01 03:43:36 +01:00
Matthew Eernisse
fcae811468 Merge pull request #584 from db-developer/main 
introduced windows compatibility on tests
 2021-02-26 18:01:40 -08:00
db-developer
9f66025358 introduced windows compatible tests 2021-02-26 21:00:54 +01:00
mde
80bf3d7dcc Version 3.1.6 2021-02-06 12:27:44 -08:00
mde
abaee2be93 Sanitize filename for display 2021-02-06 12:21:24 -08:00
mde
289b0dc09f Remove unused arg 2021-02-06 12:20:38 -08:00
mde
9f69c0a176 Better doc-generation, document the doc commands 2020-09-10 08:20:56 -07:00
mde
a1c9c10563 Updated deps for security 2020-09-10 07:59:53 -07:00
mde
1f58d4b927 Version 3.1.5 2020-08-17 09:00:34 -07:00
mde
6f4a0aad0d Version 3.1.4 2020-08-17 08:58:59 -07:00
mde
4c5e56055b Removed arrow 2020-08-17 08:58:50 -07:00
mde
4317967bdc Linting 2020-08-17 08:57:32 -07:00
mde
86f1e7fbd6 Removed post-install script 2020-08-17 08:52:29 -07:00
Matthew Eernisse
8831f6c8d1 Merge pull request #526 from brittharr/fix-cli-passthrough 
Fix cli passthrough options
 2020-06-17 09:52:00 -07:00
Brittany Harris
0cf97ae9b4 convert cli passthrough hyphen case options to camelcase before rendering 2020-06-15 13:49:28 +01:00
Brittany Harris
5c38c53c8b failing test for hyphen case cli options 2020-06-15 13:37:31 +01:00
Matthew Eernisse
ec66df2da9 Merge pull request #523 from chemecse/fix-cli-includes 
Awesome, thanks for this!
 2020-06-06 10:50:56 -07:00
Lars Hamre
bb4e4a4d64 Fix cli includes by defaulting views to the current working directory 2020-06-06 01:19:44 -04:00
mde
fac12271cb Merge branch 'master' of github.com:mde/ejs 2020-05-24 22:13:44 -07:00
mde
3bb302479b Fixed README errors 2020-05-24 22:13:22 -07:00
Matthew Eernisse
6f12023a0d Merge pull request #517 from leomp12/ci/create-release 
CI/ Create release
 2020-05-17 20:04:55 -07:00
Leonardo Matos
9875f81587 ci(create-release): auto setup github release after version tag 2020-05-17 16:54:52 -03:00
Leonardo Matos
e14208e640 Merge pull request #2 from mde/master 
Update with master
 2020-05-17 16:50:45 -03:00
mde
661d848ead Version 3.1.3 2020-05-16 23:58:57 -07:00
mde
8b774bb97f Fix broken browserification 2020-05-16 23:56:14 -07:00
mde
d434f45987 Added usage.txt to release package 2020-05-16 23:47:08 -07:00
Matthew Eernisse
941b37c3af Merge pull request #515 from leomp12/feat/includer-funcion 
Feat/ Includer funcion
 2020-05-16 19:51:43 -07:00
Matthew Eernisse
1be9d903b6 Merge pull request #513 from leomp12/fix/browser-entry 
Fix pkg entry file for browser (compiled)
 2020-05-16 16:38:46 -07:00
Leonardo Matos
6e2196824d test(includer): rename first param (url -> original) 2020-05-16 18:04:17 -03:00
Leonardo Matos
247c0e2b41 docs(includer): edit function parameters names (originalPath, parsedPath) to be more descriptive 2020-05-16 18:03:12 -03:00
Leonardo Matos
8da7213eb4 test(includer): rename first param (url -> original) 2020-05-16 18:02:37 -03:00
Leonardo Matos
1fb829a935 docs(includer): simple includer function reference on options 2020-05-14 02:25:19 -03:00
Leonardo Matos
633b5fbfb9 fix(includer): fix handling includer option 2020-05-14 02:18:30 -03:00
Leonardo Matos
b525a777f6 test(includer): unit tests for includer function option 2020-05-14 02:17:55 -03:00
Leonardo Matos
f27623116d feat(includer): implementing 'includer' function to options 
https://github.com/mde/ejs/issues/500
 2020-05-14 01:56:46 -03:00
Leonardo Matos
3b96bd43de fix(pkg): fix entry file for browser (compiled) 
Fix to handle `import ejs from 'ejs'` within bundlers such as Webpack
 2020-05-06 14:31:16 -03:00
Leonardo Matos
195830c0a2 Merge pull request #1 from mde/master 
Update with master
 2020-05-06 14:17:57 -03:00
mde
e15a8c4f69 Problem-child test, probably shell-specific 2020-04-26 22:03:51 -07:00
mde
c41904f0a1 Words 2020-04-26 22:01:37 -07:00
mde
6f8e138ca4 But put them in the right place 2020-04-26 21:59:42 -07:00
mde
9595c642d3 Examples, plural 2020-04-26 21:57:17 -07:00
mde
f13a5c87a8 Updated tests and docs 2020-04-26 21:55:36 -07:00