This package has been deprecated

Author message:

project is not maintained

secure-handlebars-helpers

1.0.7 • Public • Published

secure-handlebars-helpers


This handy client-side script registers the required XSS output filtering functions as Handlebars helpers. It is designed ONLY for templates that already have the context-sensitive filter markup (e.g., <title>{{{yd title}}}</title>) automatically inserted by secure-handlebars.

Quick Start

Client-side (browser)

Download the latest version from dist/secure-handlebars-helpers.min.js and embed it after the Handlebars script file.

<script type="text/javascript" src="dist/handlebars.js"></script>
<script type="text/javascript" src="dist/secure-handlebars-helpers.min.js"></script>

<script type="text/javascript">
// The template already carries the yd filter markup inserted by secure-handlebars
var compiledTemplate = Handlebars.compile("<title>{{{yd title}}}</title>");
// html is assigned <title>&lt;script>alert('xss')&lt;/script></title>
var html = compiledTemplate({
    // "<\/script>" keeps the HTML parser from ending this inline script block early
    title: "<script>alert('xss')<\/script>"
});
</script>

Note: Read more about the underlying output filtering principle at xss-filters.
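
The following added example (not code from this package or from secure-handlebars) shows why the helpers are meant only for templates whose filter markup was inserted by context analysis: a filter that is correct for HTML data, like the yd output shown above, leaves a double quote untouched when the same markup sits inside a quoted attribute. The helper names ydLike and attrDqLike, the render function and the sample value are constructed stand-ins, not the library's API.

```javascript
// Added example: constructed stand-ins, not the package's or Handlebars' code.
// ydLike mirrors the Quick Start comment (only "<" is encoded); attrDqLike is
// a hypothetical filter for double-quoted attribute values.
const helpers = {
  ydLike: (s) => String(s).replace(/</g, '&lt;'),
  attrDqLike: (s) => String(s).replace(/"/g, '&quot;'),
};

// Minimal renderer for {{{helper key}}} markup only (assumption: no other
// template syntax is needed here).
function render(template, context) {
  return template.replace(/\{\{\{\s*(\w+)\s+(\w+)\s*\}\}\}/g, (m, helper, key) => {
    if (!Object.prototype.hasOwnProperty.call(helpers, helper)) {
      throw new Error('unknown helper: ' + helper);
    }
    return helpers[helper](context[key]);
  });
}

// Number of literal double quotes in the output. The attribute templates
// below contribute exactly two, so a higher count means the value closed
// the attribute early.
const countQuotes = (s) => (s.match(/"/g) || []).length;

const value = 'a"b<c'; // constructed sample value

function demo() {
  return {
    // HTML data context: encoding "<" is sufficient.
    dataCtx: render('<title>{{{ydLike v}}}</title>', { v: value }),
    // Same filter in an attribute context: the quote passes through.
    attrWrong: render('<a title="{{{ydLike v}}}">x</a>', { v: value }),
    // Filter matched to the attribute context: the quote is encoded.
    attrRight: render('<a title="{{{attrDqLike v}}}">x</a>', { v: value }),
  };
}

const out = demo();
console.log(out.dataCtx);
console.log(out.attrWrong, 'quotes:', countQuotes(out.attrWrong));
console.log(out.attrRight, 'quotes:', countQuotes(out.attrRight));
```
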

Contribute

To contribute, make changes in src/ and tests/, then run the following commands:

  • $ npm run-script build to build the standalone JavaScript for client-side use
  • $ npm test to run the tests

License

This software is free to use under the Yahoo BSD license. See the LICENSE file for license text and copyright information.

Install

npm i secure-handlebars-helpers

Weekly Downloads

48

Version

1.0.7

License

none

Collaborators

  • adon
  • davglass
  • neraliu
  • yukinying