From 09145e68cd5ce274c919b30e818bb3cd83cce17c Mon Sep 17 00:00:00 2001 From: Joffrey JAFFEUX Date: Tue, 7 Apr 2020 17:01:02 +0200 Subject: [PATCH] DEV: upgrades vendored handlebars to 4.7.6 (#9371) --- package.json | 2 +- vendor/assets/javascripts/handlebars.js | 400 +++++++++++++----- .../assets/javascripts/handlebars.runtime.js | 286 +++++++++++-- yarn.lock | 38 +- 4 files changed, 570 insertions(+), 156 deletions(-) diff --git a/package.json b/package.json index 7c327e06eba..fa7ea121859 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "chart.js": "2.9.3", "eslint-plugin-lodash": "^6.0.0", "favcount": "https://github.com/chrishunt/favcount", - "handlebars": "^4.3.0", + "handlebars": "^4.7.0", "highlight.js": "https://github.com/highlightjs/highlight.js", "htmlparser": "https://github.com/tautologistics/node-htmlparser", "intersection-observer": "^0.5.1", diff --git a/vendor/assets/javascripts/handlebars.js b/vendor/assets/javascripts/handlebars.js index 646b3c3b460..05d9f6141a6 100644 --- a/vendor/assets/javascripts/handlebars.js +++ b/vendor/assets/javascripts/handlebars.js @@ -1,9 +1,9 @@ /**! @license - handlebars v4.5.3 + handlebars v4.7.6 -Copyright (C) 2011-2017 by Yehuda Katz +Copyright (C) 2011-2019 by Yehuda Katz Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -92,23 +92,23 @@ return /******/ (function(modules) { // webpackBootstrap // Compiler imports - var _handlebarsCompilerAst = __webpack_require__(40); + var _handlebarsCompilerAst = __webpack_require__(45); var _handlebarsCompilerAst2 = _interopRequireDefault(_handlebarsCompilerAst); - var _handlebarsCompilerBase = __webpack_require__(41); + var _handlebarsCompilerBase = __webpack_require__(46); - var _handlebarsCompilerCompiler = __webpack_require__(46); + var _handlebarsCompilerCompiler = __webpack_require__(51); - var _handlebarsCompilerJavascriptCompiler = __webpack_require__(49); + var _handlebarsCompilerJavascriptCompiler = __webpack_require__(52); var _handlebarsCompilerJavascriptCompiler2 = _interopRequireDefault(_handlebarsCompilerJavascriptCompiler); - var _handlebarsCompilerVisitor = __webpack_require__(44); + var _handlebarsCompilerVisitor = __webpack_require__(49); var _handlebarsCompilerVisitor2 = _interopRequireDefault(_handlebarsCompilerVisitor); - var _handlebarsNoConflict = __webpack_require__(39); + var _handlebarsNoConflict = __webpack_require__(44); var _handlebarsNoConflict2 = _interopRequireDefault(_handlebarsNoConflict); @@ -178,7 +178,7 @@ return /******/ (function(modules) { // webpackBootstrap // Each of these augment the Handlebars object. No need to setup here. // (This is done to easily share code between commonjs and browse envs) - var _handlebarsSafeString = __webpack_require__(33); + var _handlebarsSafeString = __webpack_require__(37); var _handlebarsSafeString2 = _interopRequireDefault(_handlebarsSafeString); @@ -190,11 +190,11 @@ return /******/ (function(modules) { // webpackBootstrap var Utils = _interopRequireWildcard(_handlebarsUtils); - var _handlebarsRuntime = __webpack_require__(34); + var _handlebarsRuntime = __webpack_require__(38); var runtime = _interopRequireWildcard(_handlebarsRuntime); - var _handlebarsNoConflict = __webpack_require__(39); + var _handlebarsNoConflict = __webpack_require__(44); var _handlebarsNoConflict2 = _interopRequireDefault(_handlebarsNoConflict); @@ -276,7 +276,9 @@ return /******/ (function(modules) { // webpackBootstrap var _logger2 = _interopRequireDefault(_logger); - var VERSION = '4.5.3'; + var _internalProtoAccess = __webpack_require__(33); + + var VERSION = '4.7.6'; exports.VERSION = VERSION; var COMPILER_REVISION = 8; exports.COMPILER_REVISION = COMPILER_REVISION; @@ -352,6 +354,13 @@ return /******/ (function(modules) { // webpackBootstrap }, unregisterDecorator: function unregisterDecorator(name) { delete this.decorators[name]; + }, + /** + * Reset the memory of illegal property accesses that have already been logged. + * @deprecated should only be used in handlebars test-cases + */ + resetLoggedPropertyAccesses: function resetLoggedPropertyAccesses() { + _internalProtoAccess.resetLoggedProperties(); } }; @@ -375,7 +384,6 @@ return /******/ (function(modules) { // webpackBootstrap exports.createFrame = createFrame; exports.blockParams = blockParams; exports.appendContextPath = appendContextPath; - var escape = { '&': '&', '<': '<', @@ -499,7 +507,6 @@ return /******/ (function(modules) { // webpackBootstrap var _Object$defineProperty = __webpack_require__(7)['default']; exports.__esModule = true; - var errorProps = ['description', 'fileName', 'lineNumber', 'endLineNumber', 'message', 'name', 'number', 'stack']; function Exception(message, node) { @@ -1047,7 +1054,11 @@ return /******/ (function(modules) { // webpackBootstrap if (arguments.length != 2) { throw new _exception2['default']('#unless requires exactly one argument'); } - return instance.helpers['if'].call(this, conditional, { fn: options.inverse, inverse: options.fn, hash: options.hash }); + return instance.helpers['if'].call(this, conditional, { + fn: options.inverse, + inverse: options.fn, + hash: options.hash + }); }); }; @@ -1090,22 +1101,19 @@ return /******/ (function(modules) { // webpackBootstrap 'use strict'; exports.__esModule = true; - var dangerousPropertyRegex = /^(constructor|__defineGetter__|__defineSetter__|__lookupGetter__|__proto__)$/; - - exports.dangerousPropertyRegex = dangerousPropertyRegex; exports['default'] = function (instance) { - instance.registerHelper('lookup', function (obj, field) { + instance.registerHelper('lookup', function (obj, field, options) { if (!obj) { + // Note for 5.0: Change to "obj == null" in 5.0 return obj; } - if (dangerousPropertyRegex.test(String(field)) && !Object.prototype.propertyIsEnumerable.call(obj, field)) { - return undefined; - } - return obj[field]; + return options.lookupProperty(obj, field); }); }; + module.exports = exports['default']; + /***/ }), /* 29 */ /***/ (function(module, exports, __webpack_require__) { @@ -1238,8 +1246,8 @@ return /******/ (function(modules) { // webpackBootstrap if (typeof console !== 'undefined' && logger.lookupLevel(logger.level) <= level) { var method = logger.methodMap[level]; + // eslint-disable-next-line no-console if (!console[method]) { - // eslint-disable-line no-console method = 'log'; } @@ -1257,6 +1265,129 @@ return /******/ (function(modules) { // webpackBootstrap /***/ }), /* 33 */ +/***/ (function(module, exports, __webpack_require__) { + + 'use strict'; + + var _Object$create = __webpack_require__(34)['default']; + + var _Object$keys = __webpack_require__(13)['default']; + + var _interopRequireWildcard = __webpack_require__(3)['default']; + + exports.__esModule = true; + exports.createProtoAccessControl = createProtoAccessControl; + exports.resultIsAllowed = resultIsAllowed; + exports.resetLoggedProperties = resetLoggedProperties; + + var _createNewLookupObject = __webpack_require__(36); + + var _logger = __webpack_require__(32); + + var logger = _interopRequireWildcard(_logger); + + var loggedProperties = _Object$create(null); + + function createProtoAccessControl(runtimeOptions) { + var defaultMethodWhiteList = _Object$create(null); + defaultMethodWhiteList['constructor'] = false; + defaultMethodWhiteList['__defineGetter__'] = false; + defaultMethodWhiteList['__defineSetter__'] = false; + defaultMethodWhiteList['__lookupGetter__'] = false; + + var defaultPropertyWhiteList = _Object$create(null); + // eslint-disable-next-line no-proto + defaultPropertyWhiteList['__proto__'] = false; + + return { + properties: { + whitelist: _createNewLookupObject.createNewLookupObject(defaultPropertyWhiteList, runtimeOptions.allowedProtoProperties), + defaultValue: runtimeOptions.allowProtoPropertiesByDefault + }, + methods: { + whitelist: _createNewLookupObject.createNewLookupObject(defaultMethodWhiteList, runtimeOptions.allowedProtoMethods), + defaultValue: runtimeOptions.allowProtoMethodsByDefault + } + }; + } + + function resultIsAllowed(result, protoAccessControl, propertyName) { + if (typeof result === 'function') { + return checkWhiteList(protoAccessControl.methods, propertyName); + } else { + return checkWhiteList(protoAccessControl.properties, propertyName); + } + } + + function checkWhiteList(protoAccessControlForType, propertyName) { + if (protoAccessControlForType.whitelist[propertyName] !== undefined) { + return protoAccessControlForType.whitelist[propertyName] === true; + } + if (protoAccessControlForType.defaultValue !== undefined) { + return protoAccessControlForType.defaultValue; + } + logUnexpecedPropertyAccessOnce(propertyName); + return false; + } + + function logUnexpecedPropertyAccessOnce(propertyName) { + if (loggedProperties[propertyName] !== true) { + loggedProperties[propertyName] = true; + logger.log('error', 'Handlebars: Access has been denied to resolve the property "' + propertyName + '" because it is not an "own property" of its parent.\n' + 'You can add a runtime option to disable the check or this warning:\n' + 'See https://handlebarsjs.com/api-reference/runtime-options.html#options-to-control-prototype-access for details'); + } + } + + function resetLoggedProperties() { + _Object$keys(loggedProperties).forEach(function (propertyName) { + delete loggedProperties[propertyName]; + }); + } + +/***/ }), +/* 34 */ +/***/ (function(module, exports, __webpack_require__) { + + module.exports = { "default": __webpack_require__(35), __esModule: true }; + +/***/ }), +/* 35 */ +/***/ (function(module, exports, __webpack_require__) { + + var $ = __webpack_require__(9); + module.exports = function create(P, D){ + return $.create(P, D); + }; + +/***/ }), +/* 36 */ +/***/ (function(module, exports, __webpack_require__) { + + 'use strict'; + + var _Object$create = __webpack_require__(34)['default']; + + exports.__esModule = true; + exports.createNewLookupObject = createNewLookupObject; + + var _utils = __webpack_require__(5); + + /** + * Create a new object with "null"-prototype to avoid truthy results on prototype properties. + * The resulting object can be used with "object[property]" to check if a property exists + * @param {...object} sources a varargs parameter of source objects that will be merged + * @returns {object} + */ + + function createNewLookupObject() { + for (var _len = arguments.length, sources = Array(_len), _key = 0; _key < _len; _key++) { + sources[_key] = arguments[_key]; + } + + return _utils.extend.apply(undefined, [_Object$create(null)].concat(sources)); + } + +/***/ }), +/* 37 */ /***/ (function(module, exports) { // Build out our basic SafeString type @@ -1275,12 +1406,14 @@ return /******/ (function(modules) { // webpackBootstrap module.exports = exports['default']; /***/ }), -/* 34 */ +/* 38 */ /***/ (function(module, exports, __webpack_require__) { 'use strict'; - var _Object$seal = __webpack_require__(35)['default']; + var _Object$seal = __webpack_require__(39)['default']; + + var _Object$keys = __webpack_require__(13)['default']; var _interopRequireWildcard = __webpack_require__(3)['default']; @@ -1306,6 +1439,10 @@ return /******/ (function(modules) { // webpackBootstrap var _helpers = __webpack_require__(10); + var _internalWrapHelper = __webpack_require__(43); + + var _internalProtoAccess = __webpack_require__(33); + function checkRevision(compilerInfo) { var compilerRevision = compilerInfo && compilerInfo[0] || 1, currentRevision = _base.COMPILER_REVISION; @@ -1325,7 +1462,6 @@ return /******/ (function(modules) { // webpackBootstrap } function template(templateSpec, env) { - /* istanbul ignore next */ if (!env) { throw new _exception2['default']('No environment passed to template'); @@ -1352,13 +1488,16 @@ return /******/ (function(modules) { // webpackBootstrap } partial = env.VM.resolvePartial.call(this, partial, context, options); - var optionsWithHooks = Utils.extend({}, options, { hooks: this.hooks }); + var extendedOptions = Utils.extend({}, options, { + hooks: this.hooks, + protoAccessControl: this.protoAccessControl + }); - var result = env.VM.invokePartial.call(this, partial, context, optionsWithHooks); + var result = env.VM.invokePartial.call(this, partial, context, extendedOptions); if (result == null && env.compile) { options.partials[options.name] = env.compile(partial, templateSpec.compilerOptions, env); - result = options.partials[options.name](context, optionsWithHooks); + result = options.partials[options.name](context, extendedOptions); } if (result != null) { if (options.indent) { @@ -1382,14 +1521,31 @@ return /******/ (function(modules) { // webpackBootstrap var container = { strict: function strict(obj, name, loc) { if (!obj || !(name in obj)) { - throw new _exception2['default']('"' + name + '" not defined in ' + obj, { loc: loc }); + throw new _exception2['default']('"' + name + '" not defined in ' + obj, { + loc: loc + }); } return obj[name]; }, + lookupProperty: function lookupProperty(parent, propertyName) { + var result = parent[propertyName]; + if (result == null) { + return result; + } + if (Object.prototype.hasOwnProperty.call(parent, propertyName)) { + return result; + } + + if (_internalProtoAccess.resultIsAllowed(result, container.protoAccessControl, propertyName)) { + return result; + } + return undefined; + }, lookup: function lookup(depths, name) { var len = depths.length; for (var i = 0; i < len; i++) { - if (depths[i] && depths[i][name] != null) { + var result = depths[i] && container.lookupProperty(depths[i], name); + if (result != null) { return depths[i][name]; } } @@ -1425,6 +1581,15 @@ return /******/ (function(modules) { // webpackBootstrap } return value; }, + mergeIfNeeded: function mergeIfNeeded(param, common) { + var obj = param || common; + + if (param && common && param !== common) { + obj = Utils.extend({}, common, param); + } + + return obj; + }, // An empty object to use as replacement for null-contexts nullContext: _Object$seal({}), @@ -1454,28 +1619,35 @@ return /******/ (function(modules) { // webpackBootstrap function main(context /*, options*/) { return '' + templateSpec.main(container, context, container.helpers, container.partials, data, blockParams, depths); } + main = executeDecorators(templateSpec.main, main, container, options.depths || [], data, blockParams); return main(context, options); } + ret.isTop = true; ret._setup = function (options) { if (!options.partial) { - container.helpers = Utils.extend({}, env.helpers, options.helpers); + var mergedHelpers = Utils.extend({}, env.helpers, options.helpers); + wrapHelpersToPassLookupProperty(mergedHelpers, container); + container.helpers = mergedHelpers; if (templateSpec.usePartial) { - container.partials = Utils.extend({}, env.partials, options.partials); + // Use mergeIfNeeded here to prevent compiling global partials multiple times + container.partials = container.mergeIfNeeded(options.partials, env.partials); } if (templateSpec.usePartial || templateSpec.useDecorators) { container.decorators = Utils.extend({}, env.decorators, options.decorators); } container.hooks = {}; + container.protoAccessControl = _internalProtoAccess.createProtoAccessControl(options); var keepHelperInHelpers = options.allowCallsToHelperMissing || templateWasPrecompiledWithCompilerV7; _helpers.moveHelperToHooks(container, 'helperMissing', keepHelperInHelpers); _helpers.moveHelperToHooks(container, 'blockHelperMissing', keepHelperInHelpers); } else { + container.protoAccessControl = options.protoAccessControl; // internal option container.helpers = options.helpers; container.partials = options.partials; container.decorators = options.decorators; @@ -1596,25 +1768,39 @@ return /******/ (function(modules) { // webpackBootstrap return prog; } -/***/ }), -/* 35 */ -/***/ (function(module, exports, __webpack_require__) { + function wrapHelpersToPassLookupProperty(mergedHelpers, container) { + _Object$keys(mergedHelpers).forEach(function (helperName) { + var helper = mergedHelpers[helperName]; + mergedHelpers[helperName] = passLookupPropertyOption(helper, container); + }); + } - module.exports = { "default": __webpack_require__(36), __esModule: true }; + function passLookupPropertyOption(helper, container) { + var lookupProperty = container.lookupProperty; + return _internalWrapHelper.wrapHelper(helper, function (options) { + return Utils.extend({ lookupProperty: lookupProperty }, options); + }); + } /***/ }), -/* 36 */ +/* 39 */ /***/ (function(module, exports, __webpack_require__) { - __webpack_require__(37); + module.exports = { "default": __webpack_require__(40), __esModule: true }; + +/***/ }), +/* 40 */ +/***/ (function(module, exports, __webpack_require__) { + + __webpack_require__(41); module.exports = __webpack_require__(21).Object.seal; /***/ }), -/* 37 */ +/* 41 */ /***/ (function(module, exports, __webpack_require__) { // 19.1.2.17 Object.seal(O) - var isObject = __webpack_require__(38); + var isObject = __webpack_require__(42); __webpack_require__(18)('seal', function($seal){ return function seal(it){ @@ -1623,7 +1809,7 @@ return /******/ (function(modules) { // webpackBootstrap }); /***/ }), -/* 38 */ +/* 42 */ /***/ (function(module, exports) { module.exports = function(it){ @@ -1631,12 +1817,34 @@ return /******/ (function(modules) { // webpackBootstrap }; /***/ }), -/* 39 */ +/* 43 */ /***/ (function(module, exports) { - /* WEBPACK VAR INJECTION */(function(global) {/* global window */ 'use strict'; + exports.__esModule = true; + exports.wrapHelper = wrapHelper; + + function wrapHelper(helper, transformOptionsFn) { + if (typeof helper !== 'function') { + // This should not happen, but apparently it does in https://github.com/wycats/handlebars.js/issues/1639 + // We try to make the wrapper least-invasive by not wrapping it, if the helper is not a function. + return helper; + } + var wrapper = function wrapper() /* dynamic arguments */{ + var options = arguments[arguments.length - 1]; + arguments[arguments.length - 1] = transformOptionsFn(options); + return helper.apply(this, arguments); + }; + return wrapper; + } + +/***/ }), +/* 44 */ +/***/ (function(module, exports) { + + /* WEBPACK VAR INJECTION */(function(global) {'use strict'; + exports.__esModule = true; exports['default'] = function (Handlebars) { @@ -1656,7 +1864,7 @@ return /******/ (function(modules) { // webpackBootstrap /* WEBPACK VAR INJECTION */}.call(exports, (function() { return this; }()))) /***/ }), -/* 40 */ +/* 45 */ /***/ (function(module, exports) { 'use strict'; @@ -1691,7 +1899,7 @@ return /******/ (function(modules) { // webpackBootstrap module.exports = exports['default']; /***/ }), -/* 41 */ +/* 46 */ /***/ (function(module, exports, __webpack_require__) { 'use strict'; @@ -1704,15 +1912,15 @@ return /******/ (function(modules) { // webpackBootstrap exports.parseWithoutProcessing = parseWithoutProcessing; exports.parse = parse; - var _parser = __webpack_require__(42); + var _parser = __webpack_require__(47); var _parser2 = _interopRequireDefault(_parser); - var _whitespaceControl = __webpack_require__(43); + var _whitespaceControl = __webpack_require__(48); var _whitespaceControl2 = _interopRequireDefault(_whitespaceControl); - var _helpers = __webpack_require__(45); + var _helpers = __webpack_require__(50); var Helpers = _interopRequireWildcard(_helpers); @@ -1749,7 +1957,7 @@ return /******/ (function(modules) { // webpackBootstrap } /***/ }), -/* 42 */ +/* 47 */ /***/ (function(module, exports) { // File ignored in coverage tests via setting in .istanbul.yml @@ -2490,7 +2698,7 @@ return /******/ (function(modules) { // webpackBootstrap module.exports = exports["default"]; /***/ }), -/* 43 */ +/* 48 */ /***/ (function(module, exports, __webpack_require__) { 'use strict'; @@ -2499,7 +2707,7 @@ return /******/ (function(modules) { // webpackBootstrap exports.__esModule = true; - var _visitor = __webpack_require__(44); + var _visitor = __webpack_require__(49); var _visitor2 = _interopRequireDefault(_visitor); @@ -2714,7 +2922,7 @@ return /******/ (function(modules) { // webpackBootstrap module.exports = exports['default']; /***/ }), -/* 44 */ +/* 49 */ /***/ (function(module, exports, __webpack_require__) { 'use strict'; @@ -2857,7 +3065,7 @@ return /******/ (function(modules) { // webpackBootstrap module.exports = exports['default']; /***/ }), -/* 45 */ +/* 50 */ /***/ (function(module, exports, __webpack_require__) { 'use strict'; @@ -3088,14 +3296,14 @@ return /******/ (function(modules) { // webpackBootstrap } /***/ }), -/* 46 */ +/* 51 */ /***/ (function(module, exports, __webpack_require__) { /* eslint-disable new-cap */ 'use strict'; - var _Object$create = __webpack_require__(47)['default']; + var _Object$create = __webpack_require__(34)['default']; var _interopRequireDefault = __webpack_require__(1)['default']; @@ -3110,7 +3318,7 @@ return /******/ (function(modules) { // webpackBootstrap var _utils = __webpack_require__(5); - var _ast = __webpack_require__(40); + var _ast = __webpack_require__(45); var _ast2 = _interopRequireDefault(_ast); @@ -3165,14 +3373,14 @@ return /******/ (function(modules) { // webpackBootstrap options.blockParams = options.blockParams || []; options.knownHelpers = _utils.extend(_Object$create(null), { - 'helperMissing': true, - 'blockHelperMissing': true, - 'each': true, + helperMissing: true, + blockHelperMissing: true, + each: true, 'if': true, - 'unless': true, + unless: true, 'with': true, - 'log': true, - 'lookup': true + log: true, + lookup: true }, options.knownHelpers); return this.accept(program); @@ -3439,7 +3647,11 @@ return /******/ (function(modules) { // webpackBootstrap // HELPERS opcode: function opcode(name) { - this.opcodes.push({ opcode: name, args: slice.call(arguments, 1), loc: this.sourceNode[0].loc }); + this.opcodes.push({ + opcode: name, + args: slice.call(arguments, 1), + loc: this.sourceNode[0].loc + }); }, addDepth: function addDepth(depth) { @@ -3655,22 +3867,7 @@ return /******/ (function(modules) { // webpackBootstrap } /***/ }), -/* 47 */ -/***/ (function(module, exports, __webpack_require__) { - - module.exports = { "default": __webpack_require__(48), __esModule: true }; - -/***/ }), -/* 48 */ -/***/ (function(module, exports, __webpack_require__) { - - var $ = __webpack_require__(9); - module.exports = function create(P, D){ - return $.create(P, D); - }; - -/***/ }), -/* 49 */ +/* 52 */ /***/ (function(module, exports, __webpack_require__) { 'use strict'; @@ -3689,12 +3886,10 @@ return /******/ (function(modules) { // webpackBootstrap var _utils = __webpack_require__(5); - var _codeGen = __webpack_require__(50); + var _codeGen = __webpack_require__(53); var _codeGen2 = _interopRequireDefault(_codeGen); - var _helpersLookup = __webpack_require__(28); - function Literal(value) { this.value = value; } @@ -3704,20 +3899,8 @@ return /******/ (function(modules) { // webpackBootstrap JavaScriptCompiler.prototype = { // PUBLIC API: You can override these methods in a subclass to provide // alternative compiled forms for name lookup and buffering semantics - nameLookup: function nameLookup(parent, name /* , type*/) { - if (_helpersLookup.dangerousPropertyRegex.test(name)) { - var isEnumerable = [this.aliasable('container.propertyIsEnumerable'), '.call(', parent, ',', JSON.stringify(name), ')']; - return ['(', isEnumerable, '?', _actualLookup(), ' : undefined)']; - } - return _actualLookup(); - - function _actualLookup() { - if (JavaScriptCompiler.isValidJavaScriptVariableName(name)) { - return [parent, '.', name]; - } else { - return [parent, '[', JSON.stringify(name), ']']; - } - } + nameLookup: function nameLookup(parent, name /*, type */) { + return this.internalNameLookup(parent, name); }, depthedLookup: function depthedLookup(name) { return [this.aliasable('container.lookup'), '(depths, "', name, '")']; @@ -3753,6 +3936,12 @@ return /******/ (function(modules) { // webpackBootstrap return this.quotedString(''); }, // END PUBLIC API + internalNameLookup: function internalNameLookup(parent, name) { + this.lookupPropertyFunctionIsUsed = true; + return ['lookupProperty(', parent, ',', JSON.stringify(name), ')']; + }, + + lookupPropertyFunctionIsUsed: false, compile: function compile(environment, options, context, asObject) { this.environment = environment; @@ -3811,7 +4000,7 @@ return /******/ (function(modules) { // webpackBootstrap if (!this.decorators.isEmpty()) { this.useDecorators = true; - this.decorators.prepend('var decorators = container.decorators;\n'); + this.decorators.prepend(['var decorators = container.decorators, ', this.lookupPropertyFunctionVarDeclaration(), ';\n']); this.decorators.push('return fn;'); if (asObject) { @@ -3924,6 +4113,10 @@ return /******/ (function(modules) { // webpackBootstrap } }); + if (this.lookupPropertyFunctionIsUsed) { + varDeclarations += ', ' + this.lookupPropertyFunctionVarDeclaration(); + } + var params = ['container', 'depth0', 'helpers', 'partials', 'data']; if (this.useBlockParams || this.useDepths) { @@ -4002,6 +4195,10 @@ return /******/ (function(modules) { // webpackBootstrap return this.source.merge(); }, + lookupPropertyFunctionVarDeclaration: function lookupPropertyFunctionVarDeclaration() { + return '\n lookupProperty = container.lookupProperty || function(parent, propertyName) {\n if (Object.prototype.hasOwnProperty.call(parent, propertyName)) {\n return parent[propertyName];\n }\n return undefined\n }\n '.trim(); + }, + // [blockValue] // // On stack, before: hash, inverse, program, value @@ -4804,6 +5001,9 @@ return /******/ (function(modules) { // webpackBootstrap } })(); + /** + * @deprecated May be removed in the next major version + */ JavaScriptCompiler.isValidJavaScriptVariableName = function (name) { return !JavaScriptCompiler.RESERVED_WORDS[name] && /^[a-zA-Z_$][0-9a-zA-Z_$]*$/.test(name); }; @@ -4831,7 +5031,7 @@ return /******/ (function(modules) { // webpackBootstrap module.exports = exports['default']; /***/ }), -/* 50 */ +/* 53 */ /***/ (function(module, exports, __webpack_require__) { /* global define */ diff --git a/vendor/assets/javascripts/handlebars.runtime.js b/vendor/assets/javascripts/handlebars.runtime.js index f2255e7830d..ac3976acbd7 100644 --- a/vendor/assets/javascripts/handlebars.runtime.js +++ b/vendor/assets/javascripts/handlebars.runtime.js @@ -1,9 +1,9 @@ /**! @license - handlebars v4.5.3 + handlebars v4.7.6 -Copyright (C) 2011-2017 by Yehuda Katz +Copyright (C) 2011-2019 by Yehuda Katz Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -95,7 +95,7 @@ return /******/ (function(modules) { // webpackBootstrap // Each of these augment the Handlebars object. No need to setup here. // (This is done to easily share code between commonjs and browse envs) - var _handlebarsSafeString = __webpack_require__(32); + var _handlebarsSafeString = __webpack_require__(36); var _handlebarsSafeString2 = _interopRequireDefault(_handlebarsSafeString); @@ -107,11 +107,11 @@ return /******/ (function(modules) { // webpackBootstrap var Utils = _interopRequireWildcard(_handlebarsUtils); - var _handlebarsRuntime = __webpack_require__(33); + var _handlebarsRuntime = __webpack_require__(37); var runtime = _interopRequireWildcard(_handlebarsRuntime); - var _handlebarsNoConflict = __webpack_require__(38); + var _handlebarsNoConflict = __webpack_require__(43); var _handlebarsNoConflict2 = _interopRequireDefault(_handlebarsNoConflict); @@ -207,7 +207,9 @@ return /******/ (function(modules) { // webpackBootstrap var _logger2 = _interopRequireDefault(_logger); - var VERSION = '4.5.3'; + var _internalProtoAccess = __webpack_require__(32); + + var VERSION = '4.7.6'; exports.VERSION = VERSION; var COMPILER_REVISION = 8; exports.COMPILER_REVISION = COMPILER_REVISION; @@ -283,6 +285,13 @@ return /******/ (function(modules) { // webpackBootstrap }, unregisterDecorator: function unregisterDecorator(name) { delete this.decorators[name]; + }, + /** + * Reset the memory of illegal property accesses that have already been logged. + * @deprecated should only be used in handlebars test-cases + */ + resetLoggedPropertyAccesses: function resetLoggedPropertyAccesses() { + _internalProtoAccess.resetLoggedProperties(); } }; @@ -306,7 +315,6 @@ return /******/ (function(modules) { // webpackBootstrap exports.createFrame = createFrame; exports.blockParams = blockParams; exports.appendContextPath = appendContextPath; - var escape = { '&': '&', '<': '<', @@ -430,7 +438,6 @@ return /******/ (function(modules) { // webpackBootstrap var _Object$defineProperty = __webpack_require__(6)['default']; exports.__esModule = true; - var errorProps = ['description', 'fileName', 'lineNumber', 'endLineNumber', 'message', 'name', 'number', 'stack']; function Exception(message, node) { @@ -978,7 +985,11 @@ return /******/ (function(modules) { // webpackBootstrap if (arguments.length != 2) { throw new _exception2['default']('#unless requires exactly one argument'); } - return instance.helpers['if'].call(this, conditional, { fn: options.inverse, inverse: options.fn, hash: options.hash }); + return instance.helpers['if'].call(this, conditional, { + fn: options.inverse, + inverse: options.fn, + hash: options.hash + }); }); }; @@ -1021,22 +1032,19 @@ return /******/ (function(modules) { // webpackBootstrap 'use strict'; exports.__esModule = true; - var dangerousPropertyRegex = /^(constructor|__defineGetter__|__defineSetter__|__lookupGetter__|__proto__)$/; - - exports.dangerousPropertyRegex = dangerousPropertyRegex; exports['default'] = function (instance) { - instance.registerHelper('lookup', function (obj, field) { + instance.registerHelper('lookup', function (obj, field, options) { if (!obj) { + // Note for 5.0: Change to "obj == null" in 5.0 return obj; } - if (dangerousPropertyRegex.test(String(field)) && !Object.prototype.propertyIsEnumerable.call(obj, field)) { - return undefined; - } - return obj[field]; + return options.lookupProperty(obj, field); }); }; + module.exports = exports['default']; + /***/ }), /* 28 */ /***/ (function(module, exports, __webpack_require__) { @@ -1169,8 +1177,8 @@ return /******/ (function(modules) { // webpackBootstrap if (typeof console !== 'undefined' && logger.lookupLevel(logger.level) <= level) { var method = logger.methodMap[level]; + // eslint-disable-next-line no-console if (!console[method]) { - // eslint-disable-line no-console method = 'log'; } @@ -1188,6 +1196,129 @@ return /******/ (function(modules) { // webpackBootstrap /***/ }), /* 32 */ +/***/ (function(module, exports, __webpack_require__) { + + 'use strict'; + + var _Object$create = __webpack_require__(33)['default']; + + var _Object$keys = __webpack_require__(12)['default']; + + var _interopRequireWildcard = __webpack_require__(1)['default']; + + exports.__esModule = true; + exports.createProtoAccessControl = createProtoAccessControl; + exports.resultIsAllowed = resultIsAllowed; + exports.resetLoggedProperties = resetLoggedProperties; + + var _createNewLookupObject = __webpack_require__(35); + + var _logger = __webpack_require__(31); + + var logger = _interopRequireWildcard(_logger); + + var loggedProperties = _Object$create(null); + + function createProtoAccessControl(runtimeOptions) { + var defaultMethodWhiteList = _Object$create(null); + defaultMethodWhiteList['constructor'] = false; + defaultMethodWhiteList['__defineGetter__'] = false; + defaultMethodWhiteList['__defineSetter__'] = false; + defaultMethodWhiteList['__lookupGetter__'] = false; + + var defaultPropertyWhiteList = _Object$create(null); + // eslint-disable-next-line no-proto + defaultPropertyWhiteList['__proto__'] = false; + + return { + properties: { + whitelist: _createNewLookupObject.createNewLookupObject(defaultPropertyWhiteList, runtimeOptions.allowedProtoProperties), + defaultValue: runtimeOptions.allowProtoPropertiesByDefault + }, + methods: { + whitelist: _createNewLookupObject.createNewLookupObject(defaultMethodWhiteList, runtimeOptions.allowedProtoMethods), + defaultValue: runtimeOptions.allowProtoMethodsByDefault + } + }; + } + + function resultIsAllowed(result, protoAccessControl, propertyName) { + if (typeof result === 'function') { + return checkWhiteList(protoAccessControl.methods, propertyName); + } else { + return checkWhiteList(protoAccessControl.properties, propertyName); + } + } + + function checkWhiteList(protoAccessControlForType, propertyName) { + if (protoAccessControlForType.whitelist[propertyName] !== undefined) { + return protoAccessControlForType.whitelist[propertyName] === true; + } + if (protoAccessControlForType.defaultValue !== undefined) { + return protoAccessControlForType.defaultValue; + } + logUnexpecedPropertyAccessOnce(propertyName); + return false; + } + + function logUnexpecedPropertyAccessOnce(propertyName) { + if (loggedProperties[propertyName] !== true) { + loggedProperties[propertyName] = true; + logger.log('error', 'Handlebars: Access has been denied to resolve the property "' + propertyName + '" because it is not an "own property" of its parent.\n' + 'You can add a runtime option to disable the check or this warning:\n' + 'See https://handlebarsjs.com/api-reference/runtime-options.html#options-to-control-prototype-access for details'); + } + } + + function resetLoggedProperties() { + _Object$keys(loggedProperties).forEach(function (propertyName) { + delete loggedProperties[propertyName]; + }); + } + +/***/ }), +/* 33 */ +/***/ (function(module, exports, __webpack_require__) { + + module.exports = { "default": __webpack_require__(34), __esModule: true }; + +/***/ }), +/* 34 */ +/***/ (function(module, exports, __webpack_require__) { + + var $ = __webpack_require__(8); + module.exports = function create(P, D){ + return $.create(P, D); + }; + +/***/ }), +/* 35 */ +/***/ (function(module, exports, __webpack_require__) { + + 'use strict'; + + var _Object$create = __webpack_require__(33)['default']; + + exports.__esModule = true; + exports.createNewLookupObject = createNewLookupObject; + + var _utils = __webpack_require__(4); + + /** + * Create a new object with "null"-prototype to avoid truthy results on prototype properties. + * The resulting object can be used with "object[property]" to check if a property exists + * @param {...object} sources a varargs parameter of source objects that will be merged + * @returns {object} + */ + + function createNewLookupObject() { + for (var _len = arguments.length, sources = Array(_len), _key = 0; _key < _len; _key++) { + sources[_key] = arguments[_key]; + } + + return _utils.extend.apply(undefined, [_Object$create(null)].concat(sources)); + } + +/***/ }), +/* 36 */ /***/ (function(module, exports) { // Build out our basic SafeString type @@ -1206,12 +1337,14 @@ return /******/ (function(modules) { // webpackBootstrap module.exports = exports['default']; /***/ }), -/* 33 */ +/* 37 */ /***/ (function(module, exports, __webpack_require__) { 'use strict'; - var _Object$seal = __webpack_require__(34)['default']; + var _Object$seal = __webpack_require__(38)['default']; + + var _Object$keys = __webpack_require__(12)['default']; var _interopRequireWildcard = __webpack_require__(1)['default']; @@ -1237,6 +1370,10 @@ return /******/ (function(modules) { // webpackBootstrap var _helpers = __webpack_require__(9); + var _internalWrapHelper = __webpack_require__(42); + + var _internalProtoAccess = __webpack_require__(32); + function checkRevision(compilerInfo) { var compilerRevision = compilerInfo && compilerInfo[0] || 1, currentRevision = _base.COMPILER_REVISION; @@ -1256,7 +1393,6 @@ return /******/ (function(modules) { // webpackBootstrap } function template(templateSpec, env) { - /* istanbul ignore next */ if (!env) { throw new _exception2['default']('No environment passed to template'); @@ -1283,13 +1419,16 @@ return /******/ (function(modules) { // webpackBootstrap } partial = env.VM.resolvePartial.call(this, partial, context, options); - var optionsWithHooks = Utils.extend({}, options, { hooks: this.hooks }); + var extendedOptions = Utils.extend({}, options, { + hooks: this.hooks, + protoAccessControl: this.protoAccessControl + }); - var result = env.VM.invokePartial.call(this, partial, context, optionsWithHooks); + var result = env.VM.invokePartial.call(this, partial, context, extendedOptions); if (result == null && env.compile) { options.partials[options.name] = env.compile(partial, templateSpec.compilerOptions, env); - result = options.partials[options.name](context, optionsWithHooks); + result = options.partials[options.name](context, extendedOptions); } if (result != null) { if (options.indent) { @@ -1313,14 +1452,31 @@ return /******/ (function(modules) { // webpackBootstrap var container = { strict: function strict(obj, name, loc) { if (!obj || !(name in obj)) { - throw new _exception2['default']('"' + name + '" not defined in ' + obj, { loc: loc }); + throw new _exception2['default']('"' + name + '" not defined in ' + obj, { + loc: loc + }); } return obj[name]; }, + lookupProperty: function lookupProperty(parent, propertyName) { + var result = parent[propertyName]; + if (result == null) { + return result; + } + if (Object.prototype.hasOwnProperty.call(parent, propertyName)) { + return result; + } + + if (_internalProtoAccess.resultIsAllowed(result, container.protoAccessControl, propertyName)) { + return result; + } + return undefined; + }, lookup: function lookup(depths, name) { var len = depths.length; for (var i = 0; i < len; i++) { - if (depths[i] && depths[i][name] != null) { + var result = depths[i] && container.lookupProperty(depths[i], name); + if (result != null) { return depths[i][name]; } } @@ -1356,6 +1512,15 @@ return /******/ (function(modules) { // webpackBootstrap } return value; }, + mergeIfNeeded: function mergeIfNeeded(param, common) { + var obj = param || common; + + if (param && common && param !== common) { + obj = Utils.extend({}, common, param); + } + + return obj; + }, // An empty object to use as replacement for null-contexts nullContext: _Object$seal({}), @@ -1385,28 +1550,35 @@ return /******/ (function(modules) { // webpackBootstrap function main(context /*, options*/) { return '' + templateSpec.main(container, context, container.helpers, container.partials, data, blockParams, depths); } + main = executeDecorators(templateSpec.main, main, container, options.depths || [], data, blockParams); return main(context, options); } + ret.isTop = true; ret._setup = function (options) { if (!options.partial) { - container.helpers = Utils.extend({}, env.helpers, options.helpers); + var mergedHelpers = Utils.extend({}, env.helpers, options.helpers); + wrapHelpersToPassLookupProperty(mergedHelpers, container); + container.helpers = mergedHelpers; if (templateSpec.usePartial) { - container.partials = Utils.extend({}, env.partials, options.partials); + // Use mergeIfNeeded here to prevent compiling global partials multiple times + container.partials = container.mergeIfNeeded(options.partials, env.partials); } if (templateSpec.usePartial || templateSpec.useDecorators) { container.decorators = Utils.extend({}, env.decorators, options.decorators); } container.hooks = {}; + container.protoAccessControl = _internalProtoAccess.createProtoAccessControl(options); var keepHelperInHelpers = options.allowCallsToHelperMissing || templateWasPrecompiledWithCompilerV7; _helpers.moveHelperToHooks(container, 'helperMissing', keepHelperInHelpers); _helpers.moveHelperToHooks(container, 'blockHelperMissing', keepHelperInHelpers); } else { + container.protoAccessControl = options.protoAccessControl; // internal option container.helpers = options.helpers; container.partials = options.partials; container.decorators = options.decorators; @@ -1527,25 +1699,39 @@ return /******/ (function(modules) { // webpackBootstrap return prog; } -/***/ }), -/* 34 */ -/***/ (function(module, exports, __webpack_require__) { + function wrapHelpersToPassLookupProperty(mergedHelpers, container) { + _Object$keys(mergedHelpers).forEach(function (helperName) { + var helper = mergedHelpers[helperName]; + mergedHelpers[helperName] = passLookupPropertyOption(helper, container); + }); + } - module.exports = { "default": __webpack_require__(35), __esModule: true }; + function passLookupPropertyOption(helper, container) { + var lookupProperty = container.lookupProperty; + return _internalWrapHelper.wrapHelper(helper, function (options) { + return Utils.extend({ lookupProperty: lookupProperty }, options); + }); + } /***/ }), -/* 35 */ +/* 38 */ /***/ (function(module, exports, __webpack_require__) { - __webpack_require__(36); + module.exports = { "default": __webpack_require__(39), __esModule: true }; + +/***/ }), +/* 39 */ +/***/ (function(module, exports, __webpack_require__) { + + __webpack_require__(40); module.exports = __webpack_require__(20).Object.seal; /***/ }), -/* 36 */ +/* 40 */ /***/ (function(module, exports, __webpack_require__) { // 19.1.2.17 Object.seal(O) - var isObject = __webpack_require__(37); + var isObject = __webpack_require__(41); __webpack_require__(17)('seal', function($seal){ return function seal(it){ @@ -1554,7 +1740,7 @@ return /******/ (function(modules) { // webpackBootstrap }); /***/ }), -/* 37 */ +/* 41 */ /***/ (function(module, exports) { module.exports = function(it){ @@ -1562,12 +1748,34 @@ return /******/ (function(modules) { // webpackBootstrap }; /***/ }), -/* 38 */ +/* 42 */ /***/ (function(module, exports) { - /* WEBPACK VAR INJECTION */(function(global) {/* global window */ 'use strict'; + exports.__esModule = true; + exports.wrapHelper = wrapHelper; + + function wrapHelper(helper, transformOptionsFn) { + if (typeof helper !== 'function') { + // This should not happen, but apparently it does in https://github.com/wycats/handlebars.js/issues/1639 + // We try to make the wrapper least-invasive by not wrapping it, if the helper is not a function. + return helper; + } + var wrapper = function wrapper() /* dynamic arguments */{ + var options = arguments[arguments.length - 1]; + arguments[arguments.length - 1] = transformOptionsFn(options); + return helper.apply(this, arguments); + }; + return wrapper; + } + +/***/ }), +/* 43 */ +/***/ (function(module, exports) { + + /* WEBPACK VAR INJECTION */(function(global) {'use strict'; + exports.__esModule = true; exports['default'] = function (Handlebars) { diff --git a/yarn.lock b/yarn.lock index 94d8af25c3a..7bb2c64415b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1279,17 +1279,6 @@ graceful-fs@^4.1.2: resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.2.tgz#6f0952605d0140c1cfdb138ed005775b92d67b02" integrity sha512-IItsdsea19BoLC7ELy13q1iJFNmd7ofZH5+X/pJr90/nRoPEX0DJo1dHDbgtYWOhJhcCgMDTOw84RZ72q6lB+Q== -handlebars@^4.3.0: - version "4.5.3" - resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.5.3.tgz#5cf75bd8714f7605713511a56be7c349becb0482" - integrity sha512-3yPecJoJHK/4c6aZhSvxOyG4vJKDshV36VHp0iVCDVh7o9w2vwi3NSnL2MMPj3YdduqaBcu7cGbggJQM0br9xA== - dependencies: - neo-async "^2.6.0" - optimist "^0.6.1" - source-map "^0.6.1" - optionalDependencies: - uglify-js "^3.1.4" - handlebars@^4.5.1: version "4.7.3" resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.3.tgz#8ece2797826886cf8082d1726ff21d2a022550ee" @@ -1301,6 +1290,18 @@ handlebars@^4.5.1: optionalDependencies: uglify-js "^3.1.4" +handlebars@^4.7.0: + version "4.7.6" + resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.6.tgz#d4c05c1baf90e9945f77aa68a7a219aa4a7df74e" + integrity sha512-1f2BACcBfiwAfStCKZNrUCgqNZkGsAT7UM3kkYtXuLo0KnaVfjKOyf7PRzB6++aK9STyT1Pd2ZCPe3EGOXleXA== + dependencies: + minimist "^1.2.5" + neo-async "^2.6.0" + source-map "^0.6.1" + wordwrap "^1.0.0" + optionalDependencies: + uglify-js "^3.1.4" + has-ansi@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/has-ansi/-/has-ansi-2.0.0.tgz#34f5049ce1ecdf2b0649af3ef24e45ed35416d91" @@ -1873,6 +1874,11 @@ minimist@^1.1.1, minimist@^1.2.0: resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284" integrity sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ= +minimist@^1.2.5: + version "1.2.5" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602" + integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw== + minimist@~0.0.1: version "0.0.10" resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.10.tgz#de3f98543dbf96082be48ad1a0c7cda836301dcf" @@ -2816,16 +2822,16 @@ wordwrap@0.0.2: resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-0.0.2.tgz#b79669bb42ecb409f83d583cad52ca17eaa1643f" integrity sha1-t5Zpu0LstAn4PVg8rVLKF+qhZD8= +wordwrap@^1.0.0, wordwrap@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb" + integrity sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus= + wordwrap@~0.0.2: version "0.0.3" resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-0.0.3.tgz#a3d5da6cd5c0bc0008d37234bbaf1bed63059107" integrity sha1-o9XabNXAvAAI03I0u68b7WMFkQc= -wordwrap@~1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb" - integrity sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus= - workbox-core@^4.3.1: version "4.3.1" resolved "https://registry.yarnpkg.com/workbox-core/-/workbox-core-4.3.1.tgz#005d2c6a06a171437afd6ca2904a5727ecd73be6"