1.0.7 • Published 9 years ago

secure-handlebars-helpers v1.0.7


secure-handlebars-helpers


This handy client-side script registers the required XSS output-filtering functions as Handlebars helpers. It is designed ONLY for templates in which the context-sensitive filter markup (e.g., <title>{{{yd title}}}</title>) has already been inserted automatically by secure-handlebars.

Quick Start

Client-side (browser)

Download the latest version at dist/secure-handlebars-helpers.min.js, and embed it after the handlebars script file.

<script type="text/javascript" src="dist/handlebars.js"></script>
<script type="text/javascript" src="dist/secure-handlebars-helpers.min.js"></script>

<script type="text/javascript">
var compiledTemplate = Handlebars.compile("<title>{{{yd title}}}</title>");
// html is assigned <title>&lt;script>alert('xss')&lt;/script></title>
var html = compiledTemplate({
    // "<\/script>" keeps the HTML parser from ending this inline script block early
    title: "<script>alert('xss')<\/script>"
});
</script>

Note: Read more about the underlying output filtering principle at xss-filters.
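
Handlebars writes {{{ }}} expressions without its built-in escaping, so in a template meant for this script any triple-stash expression that does not pass through a filter helper reaches the page raw. The following check is an added example, not part of this package: it lists such expressions for review, and its helper set is an assumption that contains only the yd helper shown above (extend it with the filter helpers your build registers).

```javascript
// Added example: flag {{{ }}} output expressions that do not start with a filter helper.
// ASSUMPTION: FILTER_HELPERS holds only `yd`, the one helper name shown on this page.
const FILTER_HELPERS = new Set(['yd']);

// Matches {{{ ... }}} (optionally with ~ whitespace control) but not {{{{raw}}}} blocks.
const RAW_OUTPUT = /(?<!\{)\{\{\{(?!\{)~?\s*([^}]*?)\s*~?\}\}\}/g;

function findUnfilteredRawOutputs(template, filters = FILTER_HELPERS) {
  const findings = [];
  for (const m of template.matchAll(RAW_OUTPUT)) {
    const tokens = m[1].split(/\s+/).filter(Boolean);
    // A filtered output has the shape "<filter helper> <value>".
    // A bare {{{value}}} or a call to an unknown helper is reported.
    const filtered = tokens.length >= 2 && filters.has(tokens[0]);
    if (!filtered) {
      const line = template.slice(0, m.index).split('\n').length;
      findings.push({ line, expression: m[0] });
    }
  }
  return findings;
}

// Constructed sample template (not from the project).
const sampleTemplate = [
  '<title>{{{yd title}}}</title>',      // filtered: passes
  '<p>{{{bio}}}</p>',                   // raw output, no filter: reported
  '<div>{{{markdown body}}}</div>',     // helper not in the filter set: reported
  '<span>{{name}}</span>'               // double-stash: Handlebars' own escaping applies
].join('\n');

for (const f of findUnfilteredRawOutputs(sampleTemplate)) {
  console.log(`line ${f.line}: unfiltered raw output ${f.expression}`);
}
```

A reported expression is not necessarily a bug, since a helper may return markup it has sanitized itself, but each one is a place where no output filter from this script runs.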

Contribute

To contribute, make your changes in src/ and tests/, then run the following commands:

  • $ npm run-script build to build the standalone JavaScript for client-side use
  • $ npm test to run the tests

License

This software is free to use under the Yahoo BSD license. See the LICENSE file for license text and copyright information.

1.0.7 • 9 years ago
1.0.6 • 9 years ago
1.0.5 • 9 years ago
1.0.4 • 9 years ago
1.0.3 • 9 years ago
1.0.2 • 9 years ago
1.0.1 • 9 years ago
1.0.0 • 9 years ago