Skip to content

Commit

Permalink
Fix escaping of non-javascript identifiers
Browse files Browse the repository at this point in the history
The ‘ character would cause invalid javascript to be generated as it was not properly escaped. Switching to JSON.stringify safely handles all potential unescaped cases.
  • Loading branch information
kpdecker committed Aug 1, 2015
1 parent 060c087 commit 410141c
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 3 deletions.
2 changes: 1 addition & 1 deletion lib/handlebars/compiler/javascript-compiler.js
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ JavaScriptCompiler.prototype = {
if (JavaScriptCompiler.isValidJavaScriptVariableName(name)) {
return [parent, '.', name];
} else {
return [parent, "['", name, "']"];
return [parent, '[', JSON.stringify(name), ']'];
}
},
depthedLookup: function(name) {
Expand Down
8 changes: 6 additions & 2 deletions spec/basic.js
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,12 @@ describe('basic context', function() {
});

it('literal references', function() {
shouldCompileTo('Goodbye {{[foo bar]}} world!', {'foo bar': 'beautiful'},
'Goodbye beautiful world!', 'Literal paths can be used');
shouldCompileTo('Goodbye {{[foo bar]}} world!', {'foo bar': 'beautiful'}, 'Goodbye beautiful world!');
shouldCompileTo('Goodbye {{"foo bar"}} world!', {'foo bar': 'beautiful'}, 'Goodbye beautiful world!');
shouldCompileTo("Goodbye {{'foo bar'}} world!", {'foo bar': 'beautiful'}, 'Goodbye beautiful world!');
shouldCompileTo('Goodbye {{"foo[bar"}} world!', {'foo[bar': 'beautiful'}, 'Goodbye beautiful world!');
shouldCompileTo('Goodbye {{"foo\'bar"}} world!', {"foo'bar": 'beautiful'}, 'Goodbye beautiful world!');
shouldCompileTo("Goodbye {{'foo\"bar'}} world!", {'foo"bar': 'beautiful'}, 'Goodbye beautiful world!');
});

it("that current context path ({{.}}) doesn't hit helpers", function() {
Expand Down

0 comments on commit 410141c

Please sign in to comment.