secure-handlebars-helpers

This handy client-side script registers the required XSS output filtering functions as handlebars' helpers, and is designed ONLY for templates that already have the context-sensitive filter markup (e.g., <title>{{{yd title}}}</title>) automatically inserted using secure-handlebars.

Quick Start

Client-side (browser)

Download the latest version at dist/secure-handlebars-helpers.min.js, and embed it after the handlebars script file.

<script type="text/javascript" src="dist/handlebars.js"></script>
<script type="text/javascript" src="dist/secure-handlebars-helpers.min.js"></script>
 
<script type="text/javascript">
var compiledTemplate = Handlebars.compile("<title>{{{yd title}}}</title>");
// html is assigned <title>&lt;script>alert('xss')&lt;/script></title>
var html = compiledTemplate({
    title: "<script>alert('xss')</script>"
});
</script>

Note: Read more about the underlying output filtering principle at xss-filters.

Contribute

To contribute, you will make changes in src/ and tests/, followed by the following commands:

$ npm run-script build to build the standalone JavaScript for client-side use
$ npm test to run the tests

License

This software is free to use under the Yahoo BSD license. See the LICENSE file for license text and copyright information.

secure-handlebars-helpers

secure-handlebars-helpers

Quick Start

Client-side (browser)

Contribute

License

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Last publish

Collaborators

secure-handlebars-helpers

secure-handlebars-helpers

Quick Start

Client-side (browser)

Contribute

License

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Last publish

Collaborators

Weekly Downloads