UNPKG

handlebars

Version:

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

handlebarsjs.com

handlebars-lang/handlebars.js

70 lines (61 loc) 2.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
import { extend } from '../utils'; import logger from '../logger'; const loggedProperties = Object.create(null); export function createProtoAccessControl(runtimeOptions) { // Create an object with "null"-prototype to avoid truthy results on // prototype properties. const propertyWhiteList = Object.create(null); // eslint-disable-next-line no-proto propertyWhiteList['__proto__'] = false; extend(propertyWhiteList, runtimeOptions.allowedProtoProperties); const methodWhiteList = Object.create(null); methodWhiteList['constructor'] = false; methodWhiteList['__defineGetter__'] = false; methodWhiteList['__defineSetter__'] = false; methodWhiteList['__lookupGetter__'] = false; methodWhiteList['__lookupSetter__'] = false; extend(methodWhiteList, runtimeOptions.allowedProtoMethods); return { properties: { whitelist: propertyWhiteList, defaultValue: runtimeOptions.allowProtoPropertiesByDefault }, methods: { whitelist: methodWhiteList, defaultValue: runtimeOptions.allowProtoMethodsByDefault } }; } export function resultIsAllowed(result, protoAccessControl, propertyName) { if (typeof result === 'function') { return checkWhiteList(protoAccessControl.methods, propertyName); } else { return checkWhiteList(protoAccessControl.properties, propertyName); } } function checkWhiteList(protoAccessControlForType, propertyName) { if (protoAccessControlForType.whitelist[propertyName] !== undefined) { return protoAccessControlForType.whitelist[propertyName] === true; } if (protoAccessControlForType.defaultValue !== undefined) { return protoAccessControlForType.defaultValue; } logUnexpecedPropertyAccessOnce(propertyName); return false; } function logUnexpecedPropertyAccessOnce(propertyName) { if (loggedProperties[propertyName] !== true) { loggedProperties[propertyName] = true; logger.log( 'error', `Handlebars: Access has been denied to resolve the property "${propertyName}" because it is not an "own property" of its parent.\n` + `You can add a runtime option to disable the check or this warning:\n` + `See https://handlebarsjs.com/api-reference/runtime-options.html#options-to-control-prototype-access for details` ); } } export function resetLoggedProperties() { Object.keys(loggedProperties).forEach(propertyName => { delete loggedProperties[propertyName]; }); }