Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Broken with handlebars 4.6.0

See original GitHub issue

Handlebars 4.6.0 breaks the templating as far as I can tell.

Presumably because of the breaking change in: https://github.com/wycats/handlebars.js/pull/1633

I have a custom template that extends the spritesheet-template and now it’s compiled to a file of mostly comments:

// SCSS variables are information about icon's compiled state, stored under its original file name
//
// .icon-home {
//   width: $icon-home-width;
// }
//
// The large array-like variables contain all information about a single icon
// $icon-home: x y offset_x offset_y width height total_width total_height image_path;
//
// At the bottom of this section, we provide information about the spritesheet itself
// $spritesheet: width height image $spritesheet-sprites;
$: ;
$: ;
$: '';
$: ();
$: (, , '', $ );
$: ;
$: ;
$: '';
$: ();
$: (, , '', $ );
// These "retina group" variables are mappings for the naming and pairing of normal and retina sprites.
//
// The list formatted variables are intended for mixins like `retina-sprite` and `retina-sprites`.
$: ();

Obviously that’s not great!

I’m not really a node dev so can’t really see what’s going on and how to fix it, but I can confirm that installing handlebars 4.5.3 allows the template to compile fine.

Issue Analytics

State:
Created 4 years ago
Comments:11 (7 by maintainers)

Top GitHub Comments

1reaction

twolfsoncommented, Jan 9, 2020

Alright, that fixed version has been released in 10.4.3. Thanks for the bug report!

0reactions

nknappcommented, Jan 10, 2020

Handlebars 4.7.0 has been release with options to disable prototype restrictions: https://handlebarsjs.com/api-reference/runtime-options.html#options-to-control-prototype-access

Please be aware the you are potentially opening up ways to crash your servers or maybe even remote code execution for people who can inject templates into your system.

Top Results From Across the Web

Handlebars 4.6.0+ breaks some functionality within Express ...

So with the updated express-handlebars and everything I now have the trouble of my software, based on express-handlebars, is not working ...

handlebars 4.6.0 vulnerabilities - Snyk

Report a new vulnerability Found a mistake? Direct Vulnerabilities. Known vulnerabilities in the handlebars package. This does not include vulnerabilities ...

handlebars/release-notes.md - UNPKG

215, - do not break on precompiled templates from Handlebars >=4.0.0 <4.3.0 - 1266838, #1561. 216, - Ensure allowCallsToHelperMissing runtime option is ...

Handlebars: Access has been denied to resolve the property ...

In handlebars@^4.6.0. access to the object prototype has been disabled ... There was a breaking change in the recent release of Handlebars ......

handlebars - npm

Start using handlebars in your project by running `npm i handlebars`. ... 3 years ago. 4.6.0. 2,622. 3 years ago.