fix: harden "propertyIsEnumerable"-check

- "container" is an internal object that is most likely not accessible through templateing (unlike the proto of "Object", which might be.) In order to prevent overriding this method, we use "propertyIsEnumerable" from the constructor.
handlebars-lang · Sep 28, 2019 · ff4d827 · ff4d827
1 parent e473849
commit ff4d827
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/lib/handlebars/compiler/javascript-compiler.js b/lib/handlebars/compiler/javascript-compiler.js
@@ -13,15 +13,13 @@ JavaScriptCompiler.prototype = {
   // PUBLIC API: You can override these methods in a subclass to provide
   // alternative compiled forms for name lookup and buffering semantics
   nameLookup: function(parent, name/* , type*/) {
+    const isEnumerable = [ this.aliasable('container.propertyIsEnumerable'), '.call(', parent, ',"constructor")'];
+
     if (name === 'constructor') {
-      return ['(', _isEnumerable(), '?', _actualLookup(), ' : undefined)'];
+      return ['(', isEnumerable, '?', _actualLookup(), ' : undefined)'];
     }
     return _actualLookup();
 
-    function _isEnumerable() {
-      return `Object.prototype.propertyIsEnumerable.call(${parent},'constructor')`;
-    }
-
     function _actualLookup() {
       if (JavaScriptCompiler.isValidJavaScriptVariableName(name)) {
         return [parent, '.', name];
@@ -222,7 +220,6 @@ JavaScriptCompiler.prototype = {
     let aliasCount = 0;
     for (let alias in this.aliases) { // eslint-disable-line guard-for-in
       let node = this.aliases[alias];
-
       if (this.aliases.hasOwnProperty(alias) && node.children && node.referenceCount > 1) {
         varDeclarations += ', alias' + (++aliasCount) + '=' + alias;
         node.children[0] = 'alias' + aliasCount;