Mirrors/lodash
1
0
Fork 0
mirror of https://github.com/whoisclebs/lodash.git synced 2026-02-10 10:57:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bump to v4.17.12.

Browse Source
This commit is contained in:
John-David Dalton
2019-07-09 13:47:57 -07:00
parent db0dbd39a7
commit f42b961697
10 changed files with 59 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
template.js
View File

@@ -20,6 +20,12 @@ define(['./assignInWith', './attempt', './_baseValues', './_customDefaultsAssign
/** Used to match unescaped characters in compiled string literals. */
var reUnescapedString = /['\n\r\u2028\u2029\\]/g;
/** Used for built-in method references. */
var objectProto = Object.prototype;
/** Used to check objects for own properties. */
var hasOwnProperty = objectProto.hasOwnProperty;
/**
* Creates a compiled template function that can interpolate data properties
* in "interpolate" delimiters, HTML-escape interpolated data properties in
@@ -155,7 +161,14 @@ define(['./assignInWith', './attempt', './_baseValues', './_customDefaultsAssign
, 'g');
// Use a sourceURL for easier debugging.
var sourceURL = 'sourceURL' in options ? '//# sourceURL=' + options.sourceURL + '\n' : '';
// The sourceURL gets injected into the source that's eval-ed, so be careful
// with lookup (in case of e.g. prototype pollution), and strip newlines if any.
// A newline wouldn't be a valid sourceURL anyway, and it'd enable code injection.
var sourceURL = hasOwnProperty.call(options, 'sourceURL')
? ('//# sourceURL=' +
(options.sourceURL + '').replace(/[\r\n]/g, ' ') +
'\n')
: '';
string.replace(reDelimiters, function(match, escapeValue, interpolateValue, esTemplateValue, evaluateValue, offset) {
interpolateValue || (interpolateValue = esTemplateValue);
@@ -186,7 +199,9 @@ define(['./assignInWith', './attempt', './_baseValues', './_customDefaultsAssign
// If `variable` is not specified wrap a with-statement around the generated
// code to add the data object to the top of the scope chain.
var variable = options.variable;
// Like with sourceURL, we take care to not check the option's prototype,
// as this configuration is a code injection vector.
var variable = hasOwnProperty.call(options, 'variable') && options.variable;
if (!variable) {
source = 'with (obj) {\n' + source + '\n}\n';
}