This package has been deprecated

    Author message:

    project is not maintained

    secure-handlebars-helpers

    1.0.7 • Public • Published

    secure-handlebars-helpers

    npm version dependency status Build Status

    This handy client-side script registers the required XSS output filtering functions as handlebars' helpers, and is designed ONLY for templates that already have the context-sensitive filter markup (e.g., <title>{{{yd title}}}</title>) automatically inserted using secure-handlebars.

    Quick Start

    Client-side (browser)

    Download the latest version at dist/secure-handlebars-helpers.min.js, and embed it after the handlebars script file.

    <script type="text/javascript" src="dist/handlebars.js"></script>
    <script type="text/javascript" src="dist/secure-handlebars-helpers.min.js"></script>
     
    <script type="text/javascript">
    var compiledTemplate = Handlebars.compile("<title>{{{yd title}}}</title>");
    // html is assigned <title>&lt;script>alert('xss')&lt;/script></title>
    var html = compiledTemplate({
        title: "<script>alert('xss')</script>"
    });
    </script> 

    Note: Read more about the underlying output filtering principle at xss-filters.

    Contribute

    To contribute, you will make changes in src/ and tests/, followed by the following commands:

    • $ npm run-script build to build the standalone JavaScript for client-side use
    • $ npm test to run the tests

    License

    This software is free to use under the Yahoo BSD license. See the LICENSE file for license text and copyright information.

    Install

    npm i secure-handlebars-helpers

    DownloadsWeekly Downloads

    2

    Version

    1.0.7

    License

    none

    Last publish

    Collaborators

    • adon
    • davglass
    • neraliu
    • yukinying