update ejs module to 1.0.0

476e0180 · Leo Iannacone · 361aa1cc · 476e0180 · 476e0180 · 476e0180
Commit 476e0180 authored Mar 24, 2014 by Leo Iannacone
7 changed files
--- a/debomatic-webui/node_modules/ejs/History.md
+++ b/debomatic-webui/node_modules/ejs/History.md

+1.0.0 / 2014-03-24
+==================
+
+ * change: escape & even if it looks like an HTML entity. Don't try to prevent double-escaping.
+
+0.8.6 / 2014-03-21
+==================
+
+ * fix: Escape & even if it looks like an HTML entity. Don't try to prevent double-escaping.
+
 0.8.5 / 2013-11-21
 ==================

@@ -6,60 +16,60 @@
 * fix function name changed by uglify
 * fixes require, closes #78

-0.8.4 / 2013-05-08 
+0.8.4 / 2013-05-08
 ==================

  * fix support for colons in filter arguments
  * fix double callback when the callback throws
  * rename escape option

-0.8.3 / 2012-09-13 
+0.8.3 / 2012-09-13
 ==================

  * allow pre-compiling into a standalone function [seanmonstar]

-0.8.2 / 2012-08-16 
+0.8.2 / 2012-08-16
 ==================

  * fix include "open" / "close" options. Closes #64

-0.8.1 / 2012-08-11 
+0.8.1 / 2012-08-11
 ==================

  * fix comments. Closes #62 [Nate Silva]

-0.8.0 / 2012-07-25 
+0.8.0 / 2012-07-25
 ==================

  * add `<% include file %>` support
  * fix wrapping of custom require in build step. Closes #57

-0.7.3 / 2012-04-25 
+0.7.3 / 2012-04-25
 ==================

  * Added repository to package.json [isaacs]

-0.7.1 / 2012-03-26 
+0.7.1 / 2012-03-26
 ==================

  * Fixed exception when using express in production caused by typo. [slaskis]

-0.7.0 / 2012-03-24 
+0.7.0 / 2012-03-24
 ==================

  * Added newline consumption support (`-%>`) [whoatemydomain]

-0.6.1 / 2011-12-09 
+0.6.1 / 2011-12-09
 ==================

  * Fixed `ejs.renderFile()`

-0.6.0 / 2011-12-09 
+0.6.0 / 2011-12-09
 ==================

  * Changed: you no longer need `{ locals: {} }`

-0.5.0 / 2011-11-20 
+0.5.0 / 2011-11-20
 ==================

  * Added express 3.x support
@@ -67,44 +77,44 @@
  * Added 'json' filter
  * Fixed tests for 0.5.x

-0.4.3 / 2011-06-20 
+0.4.3 / 2011-06-20
 ==================

  * Fixed stacktraces line number when used multiline js expressions [Octave]

-0.4.2 / 2011-05-11 
+0.4.2 / 2011-05-11
 ==================

  * Added client side support

-0.4.1 / 2011-04-21 
+0.4.1 / 2011-04-21
 ==================

  * Fixed error context

-0.4.0 / 2011-04-21 
+0.4.0 / 2011-04-21
 ==================

  * Added; ported jade's error reporting to ejs. [slaskis]

-0.3.1 / 2011-02-23 
+0.3.1 / 2011-02-23
 ==================

  * Fixed optional `compile()` options

-0.3.0 / 2011-02-14 
+0.3.0 / 2011-02-14
 ==================

  * Added 'json' filter [Yuriy Bogdanov]
  * Use exported version of parse function to allow monkey-patching [Anatoliy Chakkaev]

-0.2.1 / 2010-10-07 
+0.2.1 / 2010-10-07
 ==================

  * Added filter support
  * Fixed _cache_ option. ~4x performance increase

-0.2.0 / 2010-08-05 
+0.2.0 / 2010-08-05
 ==================

  * Added support for global tag config

--- a/debomatic-webui/node_modules/ejs/ejs.js
+++ b/debomatic-webui/node_modules/ejs/ejs.js
@@ -144,7 +144,7 @@ function rethrow(err, str, filename, lineno){
    + lineno + '\n'
    + context + '\n\n'
    + err.message;
-  
+
  throw err;
 }

@@ -175,7 +175,7 @@ var parse = exports.parse = function(str, options){
    var stri = str[i];
    if (str.slice(i, open.length + i) == open) {
      i += open.length
-  
+
      var prefix, postfix, line = (compileDebug ? '__stack.lineno=' : '') + lineno;
      switch (str[i]) {
        case '=':
@@ -193,8 +193,13 @@ var parse = exports.parse = function(str, options){
          postfix = "; buf.push('";
      }

-      var end = str.indexOf(close, i)
-        , js = str.substring(i, end)
+      var end = str.indexOf(close, i);
+
+      if (end < 0){
+        throw new Error('Could not find matching close tag "' + close + '".');
+      }
+
+      var js = str.substring(i, end)
        , start = i
        , include = null
        , n = 0;
@@ -259,14 +264,14 @@ var parse = exports.parse = function(str, options){
 var compile = exports.compile = function(str, options){
  options = options || {};
  var escape = options.escape || utils.escape;
-  
+
  var input = JSON.stringify(str)
    , compileDebug = options.compileDebug !== false
    , client = options.client
    , filename = options.filename
        ? JSON.stringify(options.filename)
        : 'undefined';
-  
+
  if (compileDebug) {
    // Adds the fancy stack trace meta info
    str = [
@@ -281,7 +286,7 @@ var compile = exports.compile = function(str, options){
  } else {
    str = exports.parse(str, options);
  }
-  
+
  if (options.debug) console.log(str);
  if (client) str = 'escape = escape || ' + escape.toString() + ';\n' + str;

@@ -633,7 +638,7 @@ require.register("utils.js", function(module, exports, require){

 exports.escape = function(html){
  return String(html)
-    .replace(/&(?!#?[a-zA-Z0-9]+;)/g, '&amp;')
+    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/'/g, '&#39;')

--- a/debomatic-webui/node_modules/ejs/ejs.min.js
+++ b/debomatic-webui/node_modules/ejs/ejs.min.js
--- a/debomatic-webui/node_modules/ejs/lib/ejs.js
+++ b/debomatic-webui/node_modules/ejs/lib/ejs.js
@@ -92,7 +92,7 @@ function rethrow(err, str, filename, lineno){
    + lineno + '\n'
    + context + '\n\n'
    + err.message;
-  
+
  throw err;
 }

@@ -123,7 +123,7 @@ var parse = exports.parse = function(str, options){
    var stri = str[i];
    if (str.slice(i, open.length + i) == open) {
      i += open.length
-  
+
      var prefix, postfix, line = (compileDebug ? '__stack.lineno=' : '') + lineno;
      switch (str[i]) {
        case '=':
@@ -141,8 +141,13 @@ var parse = exports.parse = function(str, options){
          postfix = "; buf.push('";
      }

-      var end = str.indexOf(close, i)
-        , js = str.substring(i, end)
+      var end = str.indexOf(close, i);
+
+      if (end < 0){
+        throw new Error('Could not find matching close tag "' + close + '".');
+      }
+
+      var js = str.substring(i, end)
        , start = i
        , include = null
        , n = 0;
@@ -207,14 +212,14 @@ var parse = exports.parse = function(str, options){
 var compile = exports.compile = function(str, options){
  options = options || {};
  var escape = options.escape || utils.escape;
-  
+
  var input = JSON.stringify(str)
    , compileDebug = options.compileDebug !== false
    , client = options.client
    , filename = options.filename
        ? JSON.stringify(options.filename)
        : 'undefined';
-  
+
  if (compileDebug) {
    // Adds the fancy stack trace meta info
    str = [
@@ -229,7 +234,7 @@ var compile = exports.compile = function(str, options){
  } else {
    str = exports.parse(str, options);
  }
-  
+
  if (options.debug) console.log(str);
  if (client) str = 'escape = escape || ' + escape.toString() + ';\n' + str;


--- a/debomatic-webui/node_modules/ejs/lib/utils.js
+++ b/debomatic-webui/node_modules/ejs/lib/utils.js
@@ -15,7 +15,7 @@

 exports.escape = function(html){
  return String(html)
-    .replace(/&(?!#?[a-zA-Z0-9]+;)/g, '&amp;')
+    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/'/g, '&#39;')

--- a/debomatic-webui/node_modules/ejs/package.json
+++ b/debomatic-webui/node_modules/ejs/package.json
 {
  "name": "ejs",
  "description": "Embedded JavaScript templates",
-  "version": "0.8.5",
+  "version": "1.0.0",
  "author": {
    "name": "TJ Holowaychuk",
    "email": "tj@vision-media.ca"
@@ -28,6 +28,6 @@
  "bugs": {
    "url": "https://github.com/visionmedia/ejs/issues"
  },
-  "_id": "ejs@0.8.5",
+  "_id": "ejs@1.0.0",
  "_from": "ejs@>= 0.0.1"
 }
--- a/debomatic-webui/node_modules/ejs/test/ejs.js
+++ b/debomatic-webui/node_modules/ejs/test/ejs.js
@@ -129,22 +129,17 @@ describe('ejs.renderFile(path, options, fn)', function(){
 })

 describe('<%=', function(){
-  it('should escape <script>', function(){
-    ejs.render('<%= name %>', { name: '<script>' })
-      .should.equal('&lt;script&gt;');
+
+  it('should escape &amp;<script>', function(){
+    ejs.render('<%= name %>', { name: '&nbsp;<script>' })
+      .should.equal('&amp;nbsp;&lt;script&gt;');
  })
+
  it("should escape '", function(){
    ejs.render('<%= name %>', { name: "The Jones's" })
      .should.equal('The Jones&#39;s');
  })
-  it("shouldn't escape &amp;", function(){
-    ejs.render('<%= name %>', { name: "Us &amp; Them" })
-      .should.equal('Us &amp; Them');
-  })
-  it("shouldn't escape &#93;", function(){
-    ejs.render('<%= name %>', { name: "The Jones&#39;s" })
-      .should.equal('The Jones&#39;s');
-  })
+  
  it("should escape &foo_bar;", function(){
    ejs.render('<%= name %>', { name: "&foo_bar;" })
      .should.equal('&amp;foo_bar;');
@@ -156,6 +151,15 @@ describe('<%-', function(){
    ejs.render('<%- name %>', { name: '<script>' })
      .should.equal('<script>');
  })
+
+  it('should terminate gracefully if no close tag is found', function(){
+    try {
+      ejs.compile('<h1>oops</h1><%- name ->')
+      throw new Error('Expected parse failure');
+    } catch (err) {
+      err.message.should.equal('Could not find matching close tag "%>".');      
+    }      
+  })
 })

 describe('%>', function(){