From ff4d827c0974003fedadaef1073d7d873954514c Mon Sep 17 00:00:00 2001 From: Nils Knappmeier Date: Sat, 28 Sep 2019 10:36:49 +0200 Subject: [PATCH 1/3] fix: harden "propertyIsEnumerable"-check - "container" is an internal object that is most likely not accessible through templateing (unlike the proto of "Object", which might be.) In order to prevent overriding this method, we use "propertyIsEnumerable" from the constructor. --- lib/handlebars/compiler/javascript-compiler.js | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/handlebars/compiler/javascript-compiler.js b/lib/handlebars/compiler/javascript-compiler.js index 3491aad8e..dec107e8b 100644 --- a/lib/handlebars/compiler/javascript-compiler.js +++ b/lib/handlebars/compiler/javascript-compiler.js @@ -13,15 +13,13 @@ JavaScriptCompiler.prototype = { // PUBLIC API: You can override these methods in a subclass to provide // alternative compiled forms for name lookup and buffering semantics nameLookup: function(parent, name/* , type*/) { + const isEnumerable = [ this.aliasable('container.propertyIsEnumerable'), '.call(', parent, ',"constructor")']; + if (name === 'constructor') { - return ['(', _isEnumerable(), '?', _actualLookup(), ' : undefined)']; + return ['(', isEnumerable, '?', _actualLookup(), ' : undefined)']; } return _actualLookup(); - function _isEnumerable() { - return `Object.prototype.propertyIsEnumerable.call(${parent},'constructor')`; - } - function _actualLookup() { if (JavaScriptCompiler.isValidJavaScriptVariableName(name)) { return [parent, '.', name]; @@ -222,7 +220,6 @@ JavaScriptCompiler.prototype = { let aliasCount = 0; for (let alias in this.aliases) { // eslint-disable-line guard-for-in let node = this.aliases[alias]; - if (this.aliases.hasOwnProperty(alias) && node.children && node.referenceCount > 1) { varDeclarations += ', alias' + (++aliasCount) + '=' + alias; node.children[0] = 'alias' + aliasCount; 
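Review bot: `this.aliasable('container.propertyIsEnumerable')` is evaluated at the top of `nameLookup` for every property name, although its result is only used in the `name === 'constructor'` branch. If `aliasable` registers the alias and counts references on each call (its body is not in this diff), templates that never look up `constructor` would still carry the alias, and the `node.referenceCount > 1` test in the second hunk would then emit an unused `aliasN=container.propertyIsEnumerable` declaration; building `isEnumerable` inside the `if (name === 'constructor') {` block avoids that. Separately, the guard is keyed to the single literal `constructor`, so other inherited names such as `__proto__` still go straight to `_actualLookup()`; a comment stating that scope, e.g. `// only "constructor" is guarded here; other inherited names are looked up as-is`, would keep the limitation visible. It is also worth confirming that `container` defines its own `propertyIsEnumerable`, since otherwise the alias presumably resolves through the prototype chain to the same `Object.prototype` method the removed code called. `nameLookup` continues past the end of the hunk.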
From b250b2d53af0c5e984eaaa912e5a6b93477d32dc Mon Sep 17 00:00:00 2001 From: Nils Knappmeier Date: Sat, 28 Sep 2019 13:24:18 +0200 Subject: [PATCH 2/3] Update release notes --- release-notes.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/release-notes.md b/release-notes.md index 1f8da4a70..dec4f9861 100644 --- a/release-notes.md +++ b/release-notes.md @@ -2,7 +2,15 @@ ## Development -[Commits](https://github.com/wycats/handlebars.js/compare/v4.3.3...master) +[Commits](https://github.com/wycats/handlebars.js/compare/v4.3.4...master) + +## v4.3.4 - September 28th, 2019 +- fix: harden "propertyIsEnumerable"-check - ff4d827 + +Compatibility notes: +- No incompatibilities are known. + +[Commits](https://github.com/wycats/handlebars.js/compare/v4.3.3...v4.3.4) ## v4.3.3 - September 27th, 2019 - fix test case for browsers that do not support __defineGetter__ - 8742bde From c958cc89550ca411a78fefa426b0acee80c702eb Mon Sep 17 00:00:00 2001 From: Nils Knappmeier Date: Sat, 28 Sep 2019 13:25:05 +0200 Subject: [PATCH 3/3] v4.3.4 --- components/bower.json | 2 +- components/handlebars.js.nuspec | 2 +- components/package.json | 2 +- lib/handlebars/base.js | 2 +- package.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/components/bower.json b/components/bower.json index 77ea1a51e..9f8f5ec0f 100644 --- a/components/bower.json +++ b/components/bower.json @@ -1,6 +1,6 @@ { "name": "handlebars", - "version": "4.3.3", + "version": "4.3.4", "main": "handlebars.js", "license": "MIT", "dependencies": {} diff --git a/components/handlebars.js.nuspec b/components/handlebars.js.nuspec index 0da828312..eb693b3cf 100644 --- a/components/handlebars.js.nuspec +++ b/components/handlebars.js.nuspec @@ -2,7 +2,7 @@ handlebars.js - 4.3.3 + 4.3.4 handlebars.js Authors https://github.com/wycats/handlebars.js/blob/master/LICENSE https://github.com/wycats/handlebars.js/ 
diff --git a/components/package.json b/components/package.json index 3b544d7a5..11d5e3b70 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "handlebars", - "version": "4.3.3", + "version": "4.3.4", "license": "MIT", "jspm": { "main": "handlebars", diff --git a/lib/handlebars/base.js b/lib/handlebars/base.js index c047af8de..312090345 100644 --- a/lib/handlebars/base.js +++ b/lib/handlebars/base.js @@ -4,7 +4,7 @@ import {registerDefaultHelpers} from './helpers'; import {registerDefaultDecorators} from './decorators'; import logger from './logger'; -export const VERSION = '4.3.3'; +export const VERSION = '4.3.4'; export const COMPILER_REVISION = 8; export const LAST_COMPATIBLE_COMPILER_REVISION = 7; diff --git a/package.json b/package.json index 5c115c307..788600ce8 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "handlebars", "barename": "handlebars", - "version": "4.3.3", + "version": "4.3.4", "description": "Handlebars provides the power necessary to let you build semantic templates effectively with no frustration", "homepage": "http://www.handlebarsjs.com/", "keywords": [