1090 Commits

Author SHA1 Message Date
isk
01a91d7409 fix: ejs evalerror with browser extension 2023-08-18 12:52:20 +02:00
Joe Portner
181a537556 Fall back to assignment, update test 2023-03-12 12:10:19 -04:00
Joe Portner
58bc2eb556 Change approach to shadowing "toString" property for escapeXML 2023-03-10 00:03:22 -05:00
mde
551949d861 Minor mitigation 2022-05-11 11:54:01 -07:00
mde
076dcb643c Don't use template literal 2022-04-20 09:36:05 -07:00
mde
576283bb5d Move to utils, handle older runtimes, fix tests 2021-05-31 13:29:51 -07:00
Nicolas Dumazet
be9a9bb397 Create Objects without prototypes.
This generally helps mitigate prototype pollution: even if another
library allows prototype pollution, ejs will not allow escalating this
into Remote Code Execution.
2021-05-31 21:37:02 +02:00
Nicolas Dumazet
15ee698583 Sanitize option names.
This prevents injection of arbitrary code if the server is already
vulnerable to prototype poisoning. This resolves #451.

I deliberately opted to not support complex Unicode identifiers even
though they're valid JS identifiers. They're complex to validate and
users probably shouldn't even try to be that creative.
2021-05-30 07:00:58 +02:00
db-developer
5ea89773a2 fixed some situations where null or undefined on 'to', 'from' or 'list' would throw exceptions 2021-03-01 03:43:36 +01:00
mde
abaee2be93 Sanitize filename for display 2021-02-06 12:21:24 -08:00
mde
4c5e56055b Removed arrow 2020-08-17 08:58:50 -07:00
mde
4317967bdc Linting 2020-08-17 08:57:32 -07:00
Brittany Harris
0cf97ae9b4 convert cli passthrough hyphen case options to camelcase before rendering 2020-06-15 13:49:28 +01:00
Leonardo Matos
633b5fbfb9 fix(includer): fix handling includer option 2020-05-14 02:18:30 -03:00
Leonardo Matos
f27623116d feat(includer): implementing 'includer' function to options
https://github.com/mde/ejs/issues/500
2020-05-14 01:56:46 -03:00
mde
0cc5af0416 More linting 2020-04-19 14:10:27 -07:00
Leonardo Matos
f1f0e26f84 perf(resolve-paths): replace tryPathsList with 'global' resolvePaths 2020-04-13 14:51:39 -03:00
Leonardo Matos
b63fced2ad feat(root-array): add support to list of 'root' directories 2020-03-23 16:51:08 -03:00
mde
a97afe3e9c Merge branch 'docs/jsdoc/improve-type-information' of github.com:EB-Forks/ejs 2020-01-14 07:49:08 -08:00
ExE Boss
12beb5ccc0 fix: Cleanup remaining legacy preprocessor include code 2019-12-04 02:44:05 +01:00
mde
e6fd45d2c4 Cleanup after removing preprocessor include 2019-11-23 17:38:26 -08:00
mde
c6bca15b0a Removed legacy preprocessor include 2019-11-23 17:22:03 -08:00
mde
18c03ab52a Merge branch 'master' of github.com:mde/ejs 2019-11-23 16:35:03 -08:00
mde
7c15b78163 Removed hacky require support 2019-11-23 16:34:29 -08:00
ExE Boss
8abc892a49 refactor(rethrow): Avoid changing input params 2019-11-05 22:44:39 +01:00
Nathan Woltman
4434314d53 Use string concatenation to build the output string
Switching from pushing to an array and using .join() to using simple string concatenation yields performance gains up to 260%.
2019-10-30 22:55:14 -04:00
ExE Boss
45e6f9276d docs(JSDoc): Add type annotations to variables in Template.compile() 2019-10-20 14:36:47 +02:00
ExE Boss
92f33141fd feat: Set compiled function name 2019-10-20 14:30:26 +02:00
ExE Boss
64eca526cb docs(JSDoc): Improve type information 2019-10-20 13:03:52 +02:00
ExE Boss
d6376fa71b fix: Correct error message when async != true (#460) 2019-10-19 22:59:37 +02:00
Matthew Eernisse
e10447df94 Merge pull request #452 from EB-Forks/feat/destructured-locals
feat: Add support for destructuring locals
2019-09-12 07:59:21 -07:00
S2-
09c0f513f6 Show compiled templates in debugger (#456)
This commit adds a sourceURL directive to the generated template function.
This makes generated template code visible in the debugger.
See https://developer.mozilla.org/en-US/docs/Tools/Debugger/How_to/Debug_eval_sources
2019-09-10 03:16:38 +02:00
ExE Boss
edc6025ecf Merge branch 'master' into feat/destructured-locals 2019-09-10 01:53:08 +02:00
ExE Boss
e3d128b2f6 feat: Allow disabling legacy include preprocessor directives 2019-09-06 18:04:47 +02:00
mde
cce319f40f Minor version bump to deprecate use of require.extensions 2019-09-02 12:26:20 -07:00
ExE Boss
eb639428fe feat: Add support for destructuring locals 2019-08-24 21:39:06 +02:00
mde
cea58ff080 Merge branch 'master' of github.com:mde/ejs 2019-06-02 09:59:22 -07:00
mde
8a6abe4a28 Recognize both *nix and Windows abs paths 2019-06-02 09:57:20 -07:00
s2
2daec5dc61 add remove function to cache 2019-03-06 10:43:13 +01:00
Adrian
ca7fe2005d Expose Template class 2018-11-24 22:27:28 +02:00
Nathan Woltman
4b1cbee458 Fix problems with rmWhitespace
Make `rmWhitespace` safer by handling empty lines better and *not* removing newlines around EJS tags.
2018-11-16 19:06:46 -05:00
mde
720ab7f4d6 Fixed indentation for linter 2018-06-09 20:31:12 -07:00
Matthew Eernisse
ff15d6d588 Merge pull request #304 from tyduptyler13/master
Added custom open and close delimiters
2018-06-09 20:25:27 -07:00
mde
76e181e722 ctor is not always async 2018-06-02 08:12:46 -07:00
mde
44954715f2 Simpler fix for passing escape function correctly 2018-05-15 09:22:18 -07:00
Alec Gibson
db11166897 Pass custom escape function to included templates
At the moment, if you have a template that includes another template,
and a custom escape function, the escape function is not correctly
passed from the outer template to the included template. For an
example of this, see the test fixture added in this commit, which
failed before this fix.

This is due to the property being renamed from `options.escape` to
`options.escapeFunction` in the `Template` constructor. Then, when a
nested `Template` is created, it tries to look for `options.escape`, but
the option has been renamed to `options.escapeFunction`.

This change replaces use of `options.escapeFunction` with `options.escape`
in order to correctly pass the escape function down to included
templates.
2018-05-09 13:59:27 +01:00
mde
40bb0eac50 Use generated function instead of eval to get async func ctor 2018-05-05 11:30:42 -07:00
Viko
9c9f44c928 Merge branch 'master' into async 2018-05-04 17:36:01 -06:00
Viko
40cdb21517 Fix merge conflict (again? could've sworn) 2018-05-04 16:15:28 -06:00
Viko
94841a12dc Fix merge conflict 2018-04-22 17:31:32 -06:00