From 96dd12edcb3085c5f439664800782d81510718c9 Mon Sep 17 00:00:00 2001
From: adon
Date: Thu, 7 May 2015 18:32:06 +0800
Subject: [PATCH] upgrade to use secure-handlebars
---
 package.json | 5 +--
 src/express-secure-handlebars.js | 2 +-
 src/secure-handlebars.js | 77 --------------------------------
 3 files changed, 3 insertions(+), 81 deletions(-)
 delete mode 100644 src/secure-handlebars.js
diff --git a/package.json b/package.json
index 9a5f7aa..0a40455 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "express-secure-handlebars",
- "version": "1.2.1",
+ "version": "2.0.0",
 "licenses": [
 {
 "type": "BSD",
@@ -32,10 +32,9 @@
 "test": "grunt test"
 },
 "dependencies": {
- "context-parser-handlebars": "^2.0.0",
 "express-handlebars": "^2.0.0",
 "handlebars": "^3.0.0",
- "util": "^0.10.*",
+ "secure-handlebars": "^0.1.0",
 "xss-filters": "^1.*"
 },
 "devDependencies": {
diff --git a/src/express-secure-handlebars.js b/src/express-secure-handlebars.js
index e4c0a55..2f745e6 100644
--- a/src/express-secure-handlebars.js
+++ b/src/express-secure-handlebars.js
@@ -10,7 +10,7 @@ Authors: Nera Liu
 /*jshint -W030 */
 var util = require("util"),
 expressHandlebars = require('express-handlebars').ExpressHandlebars,
- secureHandlebars = require('./secure-handlebars');
+ secureHandlebars = require('secure-handlebars');
 function ExpressSecureHandlebars(config) {
diff --git a/src/secure-handlebars.js b/src/secure-handlebars.js
deleted file mode 100644
index 4140bd1..0000000
--- a/src/secure-handlebars.js
+++ /dev/null
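Review bot: The new dependency line `"secure-handlebars": "^0.1.0"` resolves only to 0.1.x (a caret below 1.0 keeps the minor version fixed), so later 0.x releases of the module that now carries this package's whole contextual-escaping guarantee will not be picked up automatically; a shrinkwrap/lockfile plus a deliberate review step when bumping it would make that explicit. The direct `handlebars` and `xss-filters` dependencies survive the hunk even though their only local consumer, src/secure-handlebars.js, is deleted in this commit; if secure-handlebars ships its own copies, the tree can end up with two Handlebars instances, and helpers registered on one are invisible to the other. Whether the remaining sources still use those two packages directly cannot be seen from this hunk, so either drop them or add a one-line comment in the manifest's README/notes saying why they stay.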
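Review bot: The switch to `require('secure-handlebars')` moves the template-preprocessing policy out of this repository, and the local module it replaces (src/secure-handlebars.js, deleted in this commit) was fail-open: when `analyzeContext` threw, `preprocess` logged a warning and returned the raw template, so it was compiled with no contextual auto-escaping at all. Nothing in this hunk shows whether secure-handlebars 0.1.x keeps that fallback or fails closed, so the behaviour on a template the context parser rejects should be confirmed and recorded at the require, e.g. `// secure-handlebars preprocesses templates before compile; confirm its behaviour on parse failure (the replaced local module fell back to the raw, unescaped template)`. Dropping `util` from package.json is fine for Node, since `require("util")` on the line above resolves to the core module. The `var` statement this line belongs to starts inside the hunk, but `function ExpressSecureHandlebars(config) {` continues outside it.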
@@ -1,77 +0,0 @@
-/*
-Copyright (c) 2015, Yahoo Inc. All rights reserved.
-Copyrights licensed under the New BSD License.
-See the accompanying LICENSE file for terms.
-
-Authors: Nera Liu
- Albert Yu
- Adonis Fung
-*/
-var Handlebars = require('handlebars'),
- ContextParserHandlebars = require("context-parser-handlebars"),
- xssFilters = require('xss-filters');
-
-function preprocess(template) {
- try {
- if (template) {
- var parser = new ContextParserHandlebars({printCharEnable: false});
- return parser.analyzeContext(template);
- }
- } catch (err) {
- console.log('=====================');
- console.log("[WARNING] SecureHandlebars: falling back to the original template");
- Object.keys(err).forEach(function(k){console.log(k.toUpperCase() + ':\n' + err[k]);});
- console.log("TEMPLATE:\n" + template);
- console.log('=====================');
- }
- return template;
-}
-
-function override(h) {
- var c = h.compile,
- pc = h.precompile,
- privateFilters = xssFilters._privFilters;
-
- // override precompile function to preprocess the template first
- h.precompile = function (template, options) {
- options = options || {};
- return pc.call(this, preprocess(template), options);
- };
-
- // override compile function to preprocess the template first
- h.compile = function (template, options) {
- options = options || {};
- return c.call(this, preprocess(template), options);
- };
-
- // register below the filters that are automatically applied by context parser
- [
- 'y',
- 'yd', 'yc',
- 'yavd', 'yavs', 'yavu',
- 'yu', 'yuc',
- 'yubl', 'yufull'
- ].forEach(function(filterName){
- h.registerHelper(filterName, privateFilters[filterName]);
- });
-
- // register below the filters that might be manually applied by developers
- [
- 'inHTMLData', 'inHTMLComment',
- 'inSingleQuotedAttr', 'inDoubleQuotedAttr', 'inUnQuotedAttr',
- 'uriInSingleQuotedAttr', 'uriInDoubleQuotedAttr', 'uriInUnQuotedAttr', 'uriInHTMLData', 'uriInHTMLComment',
- 'uriPathInSingleQuotedAttr', 'uriPathInDoubleQuotedAttr', 'uriPathInUnQuotedAttr', 'uriPathInHTMLData', 'uriPathInHTMLComment',
- 'uriQueryInSingleQuotedAttr', 'uriQueryInDoubleQuotedAttr', 'uriQueryInUnQuotedAttr', 'uriQueryInHTMLData', 'uriQueryInHTMLComment',
- 'uriComponentInSingleQuotedAttr', 'uriComponentInDoubleQuotedAttr', 'uriComponentInUnQuotedAttr', 'uriComponentInHTMLData', 'uriComponentInHTMLComment',
- 'uriFragmentInSingleQuotedAttr', 'uriFragmentInDoubleQuotedAttr', 'uriFragmentInUnQuotedAttr', 'uriFragmentInHTMLData', 'uriFragmentInHTMLComment'
- ].forEach(function(filterName){
- h.registerHelper(filterName, xssFilters[filterName]);
- });
- return h;
-}
-
-if (module && module.exports) {
- module.exports = override(Handlebars.create());
-} else {
- override(Handlebars);
-}