Comments (4)
Could you remove 'handlebars-source' from your Gemfile?
'ember-source' requires 'handlebars-source' 1.x to precompile its template.

> Could you remove 'handlebars-source' from your Gemfile?
> 'ember-source' requires 'handlebars-source' 1.x to precompile its template.
handlebars-source has a security issue; I need to make it >= 4.0.0 :(
Name: handlebars-source
Version: 1.3.0
Advisory: 131671
Criticality: Unknown
URL: https://blog.srcclr.com/handlebars_vulnerability_research_findings/
Title: handlebars.js - quoteless attributes in templates can lead to XSS
Solution: upgrade to >= 4.0.0

Ah, I see.
I think this security issue doesn't affect Ember applications.
The reason is that Ember's bind-attr helper will escape bound attributes.
BTW ember-source 1.10.0 or later doesn't depend on handlebars-source.
If you use handlebars not only as Ember's template engine, could you try to update ember-source to at least 1.10.0?

> If you use handlebars not only as Ember's template engine, could you try to update ember-source to at least 1.10.0?
This works!
Thanks for your prompt reply and your time 👍
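
The dependency situation discussed in this thread, as an added example that is not part of the original comments or of ember-rails: a Ruby check that reads a Gemfile.lock and reports when handlebars-source is below the advisory's fixed version and whether an older ember-source is what holds it there. The lockfile contents (including the ember-source 1.8.1 entry) and the helper names `locked_versions` and `audit_handlebars` are constructed for illustration; the 4.0.0 and 1.10.0 thresholds come from the thread.

```ruby
require "rubygems" # provides Gem::Version

# Thresholds quoted in the thread above.
HANDLEBARS_FIXED = Gem::Version.new("4.0.0")  # advisory: upgrade to >= 4.0.0
EMBER_DECOUPLED  = Gem::Version.new("1.10.0") # no handlebars-source dependency from here on

# Constructed sample lockfiles (not taken from the reporter's project).
LOCK_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ember-source (1.8.1)
        handlebars-source (~> 1.0)
      handlebars-source (1.3.0)
LOCK

LOCK_AFTER = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ember-source (1.10.0)
      handlebars-source (4.0.0)
LOCK

# Map gem name => resolved Gem::Version. Resolved specs sit at four spaces of
# indentation; dependency constraints (six spaces) and unparsable versions are skipped.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, specs|
    m = line.match(/\A {4}([\w.\-]+) \(([^)\s]+)\)\s*\z/)
    next unless m && Gem::Version.correct?(m[2])
    specs[m[1]] = Gem::Version.new(m[2])
  end
end

# Return human-readable findings; an empty array means nothing to fix.
def audit_handlebars(lockfile_text)
  specs = locked_versions(lockfile_text)
  hbs, ember = specs["handlebars-source"], specs["ember-source"]
  return [] unless hbs && hbs < HANDLEBARS_FIXED

  findings = ["handlebars-source #{hbs} is below the fixed version #{HANDLEBARS_FIXED}"]
  if ember && ember < EMBER_DECOUPLED
    findings << "ember-source #{ember} still requires handlebars-source 1.x; " \
                "update ember-source to >= #{EMBER_DECOUPLED} first"
  end
  findings
end

puts audit_handlebars(LOCK_BEFORE) if __FILE__ == $PROGRAM_NAME
```

To check a real project, pass `File.read("Gemfile.lock")` to `audit_handlebars`.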