From 8742bde70159559b0898d3c2c72eb4a2a1c6dd04 Mon Sep 17 00:00:00 2001 From: Nils Knappmeier Date: Fri, 27 Sep 2019 00:09:04 +0200 Subject: [PATCH 1/3] fix test case for browsers that do not support __defineGetter__ --- spec/security.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec/security.js b/spec/security.js index 418541f67..c50bda6d0 100644 --- a/spec/security.js +++ b/spec/security.js @@ -91,6 +91,9 @@ describe('security issues', function() { describe('GH-1563', function() { it('should not allow to access constructor after overriding via __defineGetter__', function() { + if (({}).__defineGetter__ == null || ({}).__lookupGetter__ == null) { + return; // Browser does not support this exploit anyway + } shouldCompileTo('{{__defineGetter__ "undefined" valueOf }}' + '{{#with __lookupGetter__ }}' + '{{__defineGetter__ "propertyIsEnumerable" (this.bind (this.bind 1)) }}' + From 54f7e11b28d81852cfc2cdf9d75c013af989495b Mon Sep 17 00:00:00 2001 From: Nils Knappmeier Date: Fri, 27 Sep 2019 07:46:12 +0200 Subject: [PATCH 2/3] Update release notes --- release-notes.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/release-notes.md b/release-notes.md index 9c21c53b0..1f8da4a70 100644 --- a/release-notes.md +++ b/release-notes.md @@ -2,7 +2,13 @@ ## Development -[Commits](https://github.com/wycats/handlebars.js/compare/v4.3.2...master) +[Commits](https://github.com/wycats/handlebars.js/compare/v4.3.3...master) + +## v4.3.3 - September 27th, 2019 + - fix test case for browsers that do not support __defineGetter__ - 8742bde + + +[Commits](https://github.com/wycats/handlebars.js/compare/v4.3.2...v4.3.3) ## v4.3.2 - September 26th, 2019 - Use Object.prototype.propertyIsEnumerable to check for constructors - 213c0bb, #1563 From e4738491b3e8db97aa9b4f9967f04093ceba1a1f Mon Sep 17 00:00:00 2001 From: Nils Knappmeier Date: Fri, 27 Sep 2019 07:46:55 +0200 Subject: [PATCH 3/3] v4.3.3 --- components/bower.json | 2 +- components/handlebars.js.nuspec | 2 +- components/package.json | 2 +- lib/handlebars/base.js | 2 +- package.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/components/bower.json b/components/bower.json index 3a6ce5344..77ea1a51e 100644 --- a/components/bower.json +++ b/components/bower.json @@ -1,6 +1,6 @@ { "name": "handlebars", - "version": "4.3.2", + "version": "4.3.3", "main": "handlebars.js", "license": "MIT", "dependencies": {} diff --git a/components/handlebars.js.nuspec b/components/handlebars.js.nuspec index 346e1174c..0da828312 100644 --- a/components/handlebars.js.nuspec +++ b/components/handlebars.js.nuspec @@ -2,7 +2,7 @@ handlebars.js - 4.3.2 + 4.3.3 handlebars.js Authors https://github.com/wycats/handlebars.js/blob/master/LICENSE https://github.com/wycats/handlebars.js/ diff --git a/components/package.json b/components/package.json index 1842c2796..3b544d7a5 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "handlebars", - "version": "4.3.2", + "version": "4.3.3", "license": "MIT", "jspm": { "main": "handlebars", diff --git a/lib/handlebars/base.js b/lib/handlebars/base.js index 205978f49..c047af8de 100644 --- a/lib/handlebars/base.js +++ b/lib/handlebars/base.js @@ -4,7 +4,7 @@ import {registerDefaultHelpers} from './helpers'; import {registerDefaultDecorators} from './decorators'; import logger from './logger'; -export const VERSION = '4.3.2'; +export const VERSION = '4.3.3'; export const COMPILER_REVISION = 8; export const LAST_COMPATIBLE_COMPILER_REVISION = 7; diff --git a/package.json b/package.json index 1ae2c833e..5c115c307 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "handlebars", "barename": "handlebars", - "version": "4.3.2", + "version": "4.3.3", "description": "Handlebars provides the power necessary to let you build semantic templates effectively with no frustration", "homepage": "http://www.handlebarsjs.com/", "keywords": [