update ejs module to 1.0.0

debomatic-webui/node_modules/ejs/History.md

 
+1.0.0 / 2014-03-24
+==================
+
+ * change: escape & even if it looks like an HTML entity. Don't try to prevent double-escaping.
+
+0.8.6 / 2014-03-21
+==================
+
+ * fix: Escape & even if it looks like an HTML entity. Don't try to prevent double-escaping.
+
 0.8.5 / 2013-11-21
 ==================
 

debomatic-webui/node_modules/ejs/ejs.js

@@ -193,8 +193,13 @@ var parse = exports.parse = function(str, options){
           postfix = "; buf.push('";
       }
 
-      var end = str.indexOf(close, i)
-        , js = str.substring(i, end)
+      var end = str.indexOf(close, i);
+
+      if (end < 0){
+        throw new Error('Could not find matching close tag "' + close + '".');
+      }
+
+      var js = str.substring(i, end)
         , start = i
         , include = null
         , n = 0;
@@ -633,7 +638,7 @@ require.register("utils.js", function(module, exports, require){
 
 exports.escape = function(html){
   return String(html)
-    .replace(/&(?!#?[a-zA-Z0-9]+;)/g, '&amp;')
+    .replace(/&/g, '&amp;')
     .replace(/</g, '&lt;')
     .replace(/>/g, '&gt;')
     .replace(/'/g, '&#39;')

debomatic-webui/node_modules/ejs/lib/ejs.js

@@ -141,8 +141,13 @@ var parse = exports.parse = function(str, options){
           postfix = "; buf.push('";
       }
 
-      var end = str.indexOf(close, i)
-        , js = str.substring(i, end)
+      var end = str.indexOf(close, i);
+
+      if (end < 0){
+        throw new Error('Could not find matching close tag "' + close + '".');
+      }
+
+      var js = str.substring(i, end)
         , start = i
         , include = null
         , n = 0;

debomatic-webui/node_modules/ejs/lib/utils.js

@@ -15,7 +15,7 @@
 
 exports.escape = function(html){
   return String(html)
-    .replace(/&(?!#?[a-zA-Z0-9]+;)/g, '&')
+    .replace(/&/g, '&')
     .replace(/</g, '&lt;')
     .replace(/>/g, '&gt;')
     .replace(/'/g, '&#39;')

debomatic-webui/node_modules/ejs/package.json

 {
   "name": "ejs",
   "description": "Embedded JavaScript templates",
-  "version": "0.8.5",
+  "version": "1.0.0",
   "author": {
     "name": "TJ Holowaychuk",
     "email": "tj@vision-media.ca"
@@ -28,6 +28,6 @@
   "bugs": {
     "url": "https://github.com/visionmedia/ejs/issues"
   },
-  "_id": "ejs@0.8.5",
+  "_id": "ejs@1.0.0",
   "_from": "ejs@>= 0.0.1"
 }

debomatic-webui/node_modules/ejs/test/ejs.js

@@ -129,22 +129,17 @@ describe('ejs.renderFile(path, options, fn)', function(){
 })
 
 describe('<%=', function(){
-  it('should escape <script>', function(){
-    ejs.render('<%= name %>', { name: '<script>' })
-      .should.equal('&lt;script&gt;');
+
+  it('should escape &amp;<script>', function(){
+    ejs.render('<%= name %>', { name: '&nbsp;<script>' })
+      .should.equal('&amp;nbsp;&lt;script&gt;');
   })
+
   it("should escape '", function(){
     ejs.render('<%= name %>', { name: "The Jones's" })
       .should.equal('The Jones&#39;s');
   })
-  it("shouldn't escape &amp;", function(){
-    ejs.render('<%= name %>', { name: "Us &amp; Them" })
-      .should.equal('Us &amp; Them');
-  })
-  it("shouldn't escape &#93;", function(){
-    ejs.render('<%= name %>', { name: "The Jones&#39;s" })
-      .should.equal('The Jones&#39;s');
-  })
+  
   it("should escape &foo_bar;", function(){
     ejs.render('<%= name %>', { name: "&foo_bar;" })
       .should.equal('&amp;foo_bar;');
@@ -156,6 +151,15 @@ describe('<%-', function(){
     ejs.render('<%- name %>', { name: '<script>' })
       .should.equal('<script>');
   })
+
+  it('should terminate gracefully if no close tag is found', function(){
+    try {
+      ejs.compile('<h1>oops</h1><%- name ->')
+      throw new Error('Expected parse failure');
+    } catch (err) {
+      err.message.should.equal('Could not find matching close tag "%>".');      
+    }      
+  })
 })
 
 describe('%>', function(){