Backport potential xss fix

handlebars-lang/handlebars.js#1083
srcclr · Nov 21, 2015 · 4a7b034 · 4a7b034
1 parent 61b1663
commit 4a7b034
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/spec/dummy/vendor/assets/javascripts/handlebars.js b/spec/dummy/vendor/assets/javascripts/handlebars.js
@@ -64,12 +64,17 @@ var __module3__ = (function(__dependency1__) {
     ">": "&gt;",
     '"': "&quot;",
     "'": "&#x27;",
-    "`": "&#x60;"
-  };
-
-  var badChars = /[&<>"'`]/g;
-  var possible = /[&<>"'`]/;
-
+    '`': '&#x60;',
+    '\n' : '\\n',   // NewLine
+    '\r' : '\\n',   // Return 
+    '\b' : '\\b',   // Backspace
+    '\f' : '\\f',   // Form fee
+    '\t' : '\\t',   // Tab
+    '\v' : '\\v'   // Vertical Tab
+};
+  var badChars = /[&<>"'`\b\f\n\r\t\v]/g;
+  var possible = /[&<>"'`\b\f\n\r\t\v]/;
+
   function escapeChar(chr) {
     return escape[chr];
   }