This handy client-side script registers the required XSS output filtering functions as Handlebars helpers, and is designed ONLY for templates that already have the context-sensitive filter markup (e.g., <title>{{{yd title}}}</title>) automatically inserted using secure-handlebars.
Download the latest version at dist/secure-handlebars-helpers.min.js, and embed it after the handlebars script file.
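<script type="text/javascript" src="dist/handlebars.js"></script>
<script type="text/javascript" src="dist/secure-handlebars-helpers.min.js"></script>

<script type="text/javascript">
// The template already carries the filter markup ({{{yd ...}}}) inserted by secure-handlebars.
var compiledTemplate = Handlebars.compile("<title>{{{yd title}}}</title>");
// The yd helper filters the untrusted value before it reaches the HTML data context.
var html = compiledTemplate({
    // "<\/script>" is escaped so the HTML parser does not end this inline script early.
    title: "<script>alert('xss')<\/script>"
});
</script>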
Note: Read more about the underlying output filtering principle at xss-filters.
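The following added example is not part of secure-handlebars-helpers. It sketches why the helpers must be registered before a pre-processed template is rendered, and why each output context gets its own filter. createEnv and render are hypothetical miniatures of a helper registry, and the two filter bodies are simplified stand-ins for the real ones in xss-filters.

```javascript
// Simplified stand-ins for two context-specific output filters
// (assumed behaviour for illustration, not the xss-filters source).
const filters = {
  // HTML data context, e.g. <title>HERE</title>: neutralise tag openers.
  yd: (s) => String(s).replace(/</g, '&lt;'),
  // Double-quoted attribute value, e.g. alt="HERE": neutralise the quote.
  yavd: (s) => String(s).replace(/"/g, '&quot;'),
};

// Hypothetical miniature of a helper registry and renderer. It understands
// only the {{{helper name}}} form that secure-handlebars inserts.
function createEnv() {
  const helpers = Object.create(null);
  return {
    registerHelper(name, fn) { helpers[name] = fn; },
    render(template, data) {
      const markup = /\{\{\{\s*(\w+)\s+(\w+)\s*\}\}\}/g;
      return template.replace(markup, (_, helper, key) => {
        // Fail closed: without the helper, never fall back to raw output.
        if (!(helper in helpers)) throw new Error('Missing helper: ' + helper);
        return helpers[helper](data[key]);
      });
    },
  };
}

// Register every filter first, then render (constructed sample data).
const env = createEnv();
for (const [name, fn] of Object.entries(filters)) env.registerHelper(name, fn);

const page = env.render(
  '<title>{{{yd title}}}</title><img alt="{{{yavd alt}}}">',
  { title: "<script>alert('xss')</script>", alt: 'the "best" logo' }
);
console.log(page);
```

The same untrusted string needs a different filter in each context, which is why the markup has to be inserted by secure-handlebars rather than by hand.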
Contribute
To contribute, make your changes in src/ and tests/, then run the following commands:
$ npm run-script build
to build the standalone JavaScript for client-side use
$ npm test
to run the tests
This software is free to use under the Yahoo BSD license. See the LICENSE file for license text and copyright information.