Release Notes

Development

Commits

v4.3.1 - September 25th, 2019

Fixes:

  • do not break on precompiled templates from Handlebars >=4.0.0 <4.3.0 - 1266838, #1561
  • Ensure allowCallsToHelperMissing runtime option is optional in typings - 93444c5, 64ecb9e, #1560

Commits

v4.3.0 - September 24th, 2019

Fixes:

  • Security: Disallow calling “helperMissing” and “blockHelperMissing” directly - 2078c72
  • Disallow calling “helperMissing” and “blockHelperMissing” directly - 2078c72

Features:

  • Add new runtime option allowCallsToHelperMissing to allow calling blockHelperMissing and helperMissing.

Breaking changes:

Compatibility notes:

  • Compiler revision increased - 06b7224

    • This means that template compiled with versions prior to 4.3.0 will not work with runtimes >= 4.3.0 The increase was done because the “helperMissing” and “blockHelperMissing” are now moved from the helpers to the internal “container.hooks” object, so old templates will not be able to call them anymore. We suggest that you always recompile your templates with the latest compiler in your build pipelines.

  • Disallow calling “helperMissing” and “blockHelperMissing” directly - 2078c72

    • Calling “helperMissing” and “blockHelperMissing” directly from a template (like in {{blockHelperMissing}} was never intended and was part of the exploits that have been revealed early in 2019 (see https://github.com/wycats/handlebars.js/issues/1495). It is also part of a new exploit that is not captured by the earlier fix. In order to harden Handlebars against such exploits, calling thos helpers is now not possible anymore. Overriding those helpers is still possible.
    • If you really need this behavior, you can set the runtime option allowCallsToHelperMissing to true and the calls will again be possible

Both bullet points imly that Handlebars is not 100% percent compatible to 4.2.0, despite the minor version bump.

We consider it more important to resolve a major security issue than to maintain 100% compatibility.

Commits

v4.2.1 - September 20th, 2019

Bugfixes:

  • The “browser” property in the package.json has been updated to use the common-js builds instead of the minified UMD - c55a7be, #1553

Compatibility notes:

  • No compatibility issues should arise

Commits

v4.2.0 - September 3rd, 2019

Chore/Test:

  • Use custom grunt-saucelab with current sauce-connect proxy - f119497
  • Add framework for various integration tests - f9cce4d
  • Add integration test for webpack - a57b682

Bugfixes:

Features:

  • #1540 - added “browser”-property to package.json, resolves #1102 (@ouijan)

Compatibility notes:

  • The new “browser”-property should not break anything, but you can never be sure. The integration test for webpack shows that it works, but if it doesn't please open an issue.

Commits

v4.1.2-0 - August 25th, 2019

#1540 - added browser to package.json, resolves #1102 (@ouijan)

Compatibility notes:

  • We are not sure if imports via webpack are still working, which is why this release is a pre-release

Commits

v4.1.2 - April 13th, 2019

Chore/Test:

  • #1515 - Port over linting and test for typings (@zimmi88)
  • chore: add missing typescript dependency, add package-lock.json - 594f1e3
  • test: remove safari from saucelabs - 871accc

Bugfixes:

  • fix: prevent RCE through the “lookup”-helper - cd38583

Compatibility notes:

Access to the constructor of a class thought {{lookup obj "constructor" }} is now prohibited. This closes a leak that only half closed in versions 4.0.13 and 4.1.0, but it is a slight incompatibility.

This kind of access is not the intended use of Handlebars and leads to the vulnerability described in #1495. We will not increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).

Commits

v4.1.1 - March 16th, 2019

Bugfixes:

  • fix: add “runtime.d.ts” to allow “require(‘handlebars/runtime’)” in TypeScript - 5cedd62

Refactorings:

  • replace “async” with “neo-async” - 048f2ce
  • use “substring”-function instead of “substr” - 445ae12

Compatibility notes:

  • This is a bugfix release. There are no breaking change and no new features.

Commits

v4.1.0 - February 7th, 2019

New Features

  • import TypeScript typings - 27ac1ee

Security fixes:

  • disallow access to the constructor in templates to prevent RCE - 42841c4, #1495

Housekeeping

  • chore: fix components/handlebars package.json and auto-update on release - bacd473
  • chore: Use node 10 to build handlebars - 78dd89c
  • chore/doc: Add more release docs - 6b87c21

Compatibility notes:

Access to class constructors (i.e. ({}).constructor) is now prohibited to prevent Remote Code Execution. This means that following construct will no work anymore:

class SomeClass {
}

SomeClass.staticProperty = 'static'

var template = Handlebars.compile('{{constructor.staticProperty}}');
document.getElementById('output').innerHTML = template(new SomeClass());
// expected: 'static', but now this is empty.

This kind of access is not the intended use of Handlebars and leads to the vulnerability described in #1495. We will not increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).

Commits

v4.0.12 - September 4th, 2018

New features:

  • none

Various dependency updates

  • #1464 - Bump versions of grunt-plugins to 1.x
  • #1398 - Chore: updated various dev dependencies
  • upgrade uglify-js - d3d3942
  • Update grunt-eslint to 20.1.0 - 7729aa9
  • Update dependencies “async” to 2.5.0 and “source-map” to 0.6.1 (73d5637)

Bugfixes:

Removed obsolete code:

  • unnecessary check - 0ddff8b
  • Use files field - 69c6ca5
  • Update jsfiddle to 4.0.11 - 8947dd0

Compatibility notes:

  • No compatibility issues are to be expected

Commits

v4.0.11 - October 17th, 2017

  • #1391 - uglify-js is unconditionally imported, but only listed as optional dependency (@Turbo87)
  • #1233 - Unable to build under windows - error at test:bin task (@blikblum)
  • Update (C) year in the LICENSE file - 21386b6

Compatibility notes:

  • This is a bugfix release. There are no breaking change and no new features.

Commits

v4.0.10 - May 21st, 2017

  • Fix regression in 4.0.9: Replace “Object.assign” (not support in IE) by “util/extend” - 0e953d1

Commits

v4.0.9 - May 21st, 2017

  • #1327 Handlebars.compile() does not modify “options” anymore
  • pending #1331 Attempts to build Handlebars in a Windows environment
    • Fix build in windows - cc554a5
    • Ensure LF line-edings in handlebars-template fixtures (*.hbs) - ed879a6
    • Run integration test with node handlebars -a ... on Windows - 2e21e2b
    • Ensure LF line-edings in lexer-files (*.l) - bdfdbea
    • Force LF line-endings for spec/artifacts - b50ef03
    • Use istanbul/lib/cli.js instead of node_modules/.bin/istanbul - 6e6269f
  • TravisCI: Publish valid semver tags independently of the branch - 7378f85

Compatibility notes:

  • No compatibility issues are expected.

Commits

v4.0.8 - May 2nd, 2017

  • #1341 #1342 Allow partial-blocks to be executed without “options” (@nknapp) - a00c598

Compatibility notes:

  • No breaking changes

Commits

v4.0.7 - April 29th, 2017

  • #1319: Fix context-stack when calling block-helpers on null values (@nknapp) - c8f4b57
  • #1315 Parser: Change suffix to use ES6 default module export (@Turbo87)- b617375
  • #1290 #1252 Add more tests for partial-blocks and inline partials (@nknapp) - 63a8e0c
  • #1252 Using @partial-block twice in a template not possible (@nknapp) - 5a164d0
  • #1310 Avoid duplicate “sourceMappingURL=” lines. (@joonas-lahtinen) - 01b0f65
  • #1275 require(‘sys’) is deprecated, using ‘util’ instead (@travnels) - 406f2ee
  • #1285 #1284 Make “column”-property of Errors enumerable (@nknapp) - a023cb4
  • #1285 Testcase to verify that compile-errors have a column-property (@nknapp) - c7dc353

Commits

v4.0.6 - November 12th, 2016

  • #1243 - Walk up data frames for nested @partial-block (@lawnsea)
  • #1210 - Add a new lightweight package based on handlebars in the README (@kabirbaidhya)
  • #1187 - Ensure that existing blockParams and depths are respected on dupe programs (@charleso)
  • #1191 - Added cory (@leo)
  • #1177 - Preserve License info in Closure Compiler (@gennadiylitvinyuk)
  • #1171 - Contributing doc fix: failing thats -> failing tests (@paulfalgout)
  • #1166 - Update license date (@timwangdev)
  • Update jsfiddle to point to latest - 959ee55 (originally dfc7554 by @kpdecker)
  • #1163 - Fix typos on decorators-api.md. (@adjohnson916)
  • Drop extra Error params - 8c19874 (originally 63fdb92 by @kpdecker)
  • #1153 - Add documentation for running tests to contributing.md (@ryanmurakami)
  • Avoid error in older browsers in test - 400916c (originally a6121ca by @kpdecker)
  • Update target browser test versions - fee2334 (originally 871c32a by @kpdecker)
  • Exclude coverage check in exception conditional - 32d6363 (originally 326734b by @kpdecker)
  • Fix throw when creating exception object in Safari - 20c965c (originally 2ea6119 by @kpdecker)
  • Update build for modern node versions - 6c9f98c (originally 8289c0b by @kpdecker)
  • #1135 - Relax depth check for context push - c393c81 (originally 25458fd by @kpdecker)

Commits

v4.0.5 - November 19th, 2015

  • #1132 - Update uglify-js to avoid vulnerability (@plynchnlm)
  • #1129 - Minified lib returns an empty string (@bricss)
  • Return current handlebars instance from noConflict - 685cf92
  • Add webpack to dev dependency to support npm 3 - 7a6c228
  • Further relax uglify dependency - 0a3b3c2
  • Include tests for minimized artifacts - c21118d
  • Fix lint errors under latest eslint - 9f59de9
  • Add print-script helper script - 98a6717

Commits

v4.0.4 - October 29th, 2015

  • #1121 - Include partial name in ‘undefined partial’ exception message (@shinypb)
  • #1125 - Add promised-handlebars to “in-the-wild”-list (@nknapp)

Commits

v4.0.3 - September 23rd, 2015

Compatibility notes:

  • each iteration with undefined values has been restored to the 3.0 behaviors. Helper calls with undefined context values will now execute against an arbitrary empty object to avoid executing against global object in non-strict mode.
  • ] can now be included in [] wrapped identifiers by escaping with \. Any [] identifiers that include \ will now have to properly escape these values.

Commits

v4.0.2 - September 4th, 2015

  • #1089 - “Failover content” not working in multiple levels of inline partials (@michaellopez)

Commits

v4.0.1 - September 2nd, 2015

  • Fix failure when using decorators in partials - 05b82a2

Commits

v4.0.0 - September 1st, 2015

  • #1082 - Decorators and Inline Partials (@kpdecker)
  • #1076 - Implement partial blocks (@kpdecker)
  • #1087 - Fix #each when last object entry has empty key (@denniskuczynski)
  • #1084 - Bump uglify version to fix vulnerability (@John-Steidley)
  • #1068 - Fix typo (@0xack13)
  • #1060 - #1056 Fixed grammar for nested raw blocks (@ericbn)
  • #1052 - Updated year in License (@maqnouch)
  • #1037 - Fix minor typos in README (@tomxtobin)
  • #1032 - Is it possible to render a partial without the parent scope? (@aputinski)
  • #1019 - Fixes typo in tests (@aymerick)
  • #1016 - Version mis-match (@mayankdedhia)
  • #1023 - is it possible for nested custom helpers to communicate between each other?
  • #893 - [Proposal] Section blocks.
  • #792 - feature request: inline partial definitions
  • #583 - Parent path continues to drill down depth with multiple conditionals
  • #404 - Add named child helpers that can be referenced by block helpers
  • Escape = in HTML content - 83b8e84
  • Drop AST constructors in favor of JSON - 95d84ba
  • Pass container rather than exec as context - 9a2d1d6
  • Add ignoreStandalone compiler option - ea3a5a1
  • Ignore empty when iterating on sparse arrays - 06d515a
  • Add support for string and stdin precompilation - 0de8dac
  • Simplify object assignment generation logic - 77e6bfc
  • Bulletproof AST.helpers.helperExpression - 93b0760
  • Always return string responses - 8e868ab
  • Pass undefined fields to helpers in strict mode - 5d4b8da
  • Avoid depth creation when context remains the same - 279e038
  • Improve logging API - 9a49d35
  • Fix with operator in no @data mode - 231a8d7
  • Allow empty key name in each iteration - 1bb640b
  • Add with block parameter support - 2a85106
  • Fix escaping of non-javascript identifiers - 410141c
  • Fix location information for programs - 93faffa

Compatibility notes:

  • Depthed paths are now conditionally pushed on to the stack. If the helper uses the same context, then a new stack is not created. This leads to behavior that better matches expectations for helpers like if that do not seem to alter the context. Any instances of ../ in templates will need to be checked for the correct behavior under 4.0.0. In general templates will either reduce the number of ../ instances or leave them as is. See #1028.
  • The = character is now HTML escaped. This closes a potential exploit case when using unquoted attributes, i.e. <div foo={{bar}}>. In general it's recommended that attributes always be quoted when their values are generated from a mustache to avoid any potential exploit surfaces.
  • AST constructors have been dropped in favor of plain old javascript objects
  • The runtime version has been increased. Precompiled templates will need to use runtime of at least 4.0.0.

Commits

v3.0.3 - April 28th, 2015

  • #1004 - Latest version breaks with RequireJS (global is undefined) (@boskee)

Commits

v3.0.2 - April 20th, 2015

  • #998 - Add full support for es6 (@kpdecker)
  • #994 - Access Handlebars.Visitor in browser (@tamlyn)
  • #990 - Allow passing null/undefined literals subexpressions (@blimmer)
  • #989 - Source-map error with requirejs (@SteppeEagle)
  • #967 - can't access “this” property (@75lb)
  • Use captureStackTrace for error handler - a009a97
  • Ignore branches tested without coverage monitoring - 37a664b

Commits

v3.0.1 - March 24th, 2015

Commits

v3.0.0 - February 10th, 2015

  • #941 - Add support for dynamic partial names (@kpdecker)

  • #940 - Add missing reserved words so compiler knows to use array syntax: (@mattflaschen)

  • #938 - Fix example using #with helper (@diwo)

  • #930 - Add parent tracking and mutation to AST visitors (@kpdecker)

  • #926 - Depthed lookups fail when program duplicator runs (@kpdecker)

  • #918 - Add instructions for ‘spec/mustache’ to CONTRIBUTING.md, fix a few typos (@oneeman)

  • #915 - Ast update (@kpdecker)

  • #910 - Different behavior of {{@last}} when {} in {} (@zordius)

  • #907 - Implement named helper variable references (@kpdecker)

  • #906 - Add parser support for block params (@mmun)

  • #903 - Only provide aliases for multiple use calls (@kpdecker)

  • #902 - Generate Source Maps (@kpdecker)

  • #901 - Still escapes with noEscape enabled on isolated Handlebars environment (@zedknight)

  • #896 - Simplify BlockNode by removing intermediate MustacheNode (@mmun)

  • #892 - Implement parser for else chaining of helpers (@kpdecker)

  • #889 - Consider extensible parser API (@kpdecker)

  • #887 - Handlebars.noConflict() option? (@bradvogel)

  • #886 - Add SafeString to context (or use duck-typing) (@dominicbarnes)

  • #870 - Registering undefined partial throws exception. (@max-b)

  • #866 - comments don't respect whitespace control (@75lb)

  • #863 - + jsDelivr CDN info (@tomByrer)

  • #858 - Disable new default auto-indent at included partials (@majodev)

  • #856 - jspm compatibility (@MajorBreakfast)

  • #805 - Request: “strict” lookups (@nzakas)

  • Export the default object for handlebars/runtime - 5594416

  • Lookup partials when undefined - 617dd57

Compatibility notes:

  • Runtime breaking changes. Must match 3.x runtime and precompiler.
  • The AST has been upgraded to a public API.
    • There are a number of changes to this, but the format is now documented in docs/compiler-api.md
    • The Visitor API has been expanded to support mutation and provide a base implementation
  • The JavaScriptCompiler APIs have been formalized and documented. As part of the sourcemap handling these should be updated to return arrays for concatenation.
  • JavaScriptCompiler.namespace has been removed as it was unused.
  • SafeString is now duck typed on toHTML

New Features:

  • noConflict
  • Source Maps
  • Block Params
  • Strict Mode
  • @last and other each changes
  • Chained else blocks
  • @data methods can now have helper parameters passed to them
  • Dynamic partials

Commits

v2.0.0 - September 1st, 2014

  • Update jsfiddle to 2.0.0-beta.1 - 0670f65
  • Add contrib note regarding handlebarsjs.com docs - 4d17e3c
  • Play nice with gemspec version numbers - 64d5481

Commits

v2.0.0-beta.1 - August 26th, 2014

  • #787 - Remove whitespace surrounding standalone statements (@kpdecker)

  • #827 - Render false literal as “false” (@scoot557)

  • #767 - Subexpressions bug with hash and context (@evensoul)

  • Changes to 0/undefined handling

    • #731 - Strange behavior for {} {{bar}} {{/foo}} when foo is 0 (@kpdecker)
    • #820 - strange behavior for {{foo.bar}} when foo is 0 or null or false (@zordius)
    • #837 - Strange input for custom helper ( foo.bar == false when foo is undefined ) (@zordius)

  • #819 - Implement recursive field lookup (@kpdecker)

  • #764 - This reference not working for helpers (@kpdecker)

  • #773 - Implicit parameters in {} introduces a peculiarity in helpers calling convention (@Bertrand)

  • #783 - helperMissing and consistency for different expression types (@ErisDS)

  • #795 - Turn the precompile script into a wrapper around a module. (@jwietelmann)

  • #823 - Support inverse sections on the with helper (@dan-manges)

  • #834 - Refactor blocks, programs and inverses (@mmun)

  • #852 - {{foo~}} space control behavior is different from older version (@zordius)

  • #835 - Templates overwritten if file is loaded twice

  • Expose escapeExpression on the root object - 980c38c

  • Remove nested function eval in blockHelperMissing - 6f22ec1

  • Fix compiler program de-duping - 9e3f824

Compatibility notes:

  • The default build now outputs a generic UMD wrapper. This should be transparent change but may cause issues in some environments.
  • Runtime compatibility breaks in both directions. Ensure that both compiler and client are upgraded to 2.0.0-beta.1 or higher at the same time.
    • programWithDepth has been removed an instead an array of context values is passed to fields needing depth lookups.
  • false values are now printed to output rather than silently dropped
  • Lines containing only block statements and whitespace are now removed. This matches the Mustache spec but may cause issues with code that expects whitespace to exist but would not otherwise.
  • Partials that are standalone will now indent their rendered content
  • AST.ProgramNode's signature has changed.
  • Numerious methods/features removed from pseudo-API classes
    • JavaScriptCompiler.register
    • JavaScriptCompiler.replaceStack no longer supports non-inline replace
    • Compiler.disassemble
    • DECLARE opcode
    • strip opcode
    • lookup opcode
    • Content nodes may have their string values mutated over time. original field provides the unmodified value.
  • Removed unused Handlebars.registerHelper inverse parameter
  • each helper requires iterator parameter

Commits

v2.0.0-alpha.4 - May 19th, 2014

  • Expose setup wrappers for compiled templates - 3638874

Commits

v2.0.0-alpha.3 - May 19th, 2014

  • #797 - Pass full helper ID to helperMissing when options are provided (@tomdale)
  • #793 - Ensure isHelper is coerced to a boolean (@mmun)
  • Refactor template init logic - 085e5e1

Commits

v2.0.0-alpha.2 - March 6th, 2014

  • #756 - fix bug in IE<=8 (no Array::map), closes #751 (@jenseng)
  • #749 - properly handle multiple subexpressions in the same hash, fixes #748 (@jenseng)
  • #743 - subexpression confusion/problem? (@waynedpj)
  • #746 - [CLI] support handlebars --version (@apfelbox)
  • #747 - updated grunt-saucelabs, failing tests revealed (@Jonahss)
  • Make JSON a requirement for the compiler. - 058c0fb
  • Temporarily kill the AWS publish CI step - 8347ee2

Compatibility notes:

  • A JSON polyfill is required to run the compiler under IE8 and below. It's recommended that the precompiler be used in lieu of running the compiler on these legacy environments.

Commits

v2.0.0-alpha.1 - February 10th, 2014

Compatibility notes:

  • helperMissing helper no longer has the indexed name argument. Helper name is now available via options.name.
  • Precompiler output has changed, which breaks compatibility with prior versions of the runtime and precompiled output.
  • JavaScriptCompiler.compilerInfo now returns generic objects rather than javascript source.
  • AST changes
    • INTEGER -> NUMBER
    • Additional PartialNode hash parameter
    • New RawBlockNode type
  • Data frames now have a _parent field. This is internal but is enumerable for performance/compatibility reasons.

Commits

v1.3.0 - January 1st, 2014

  • #690 - Added support for subexpressions (@machty)
  • #696 - Fix for reserved keyword “default” (@nateirwin)
  • #692 - add line numbers to nodes when parsing (@fivetanley)
  • #695 - Pull options out from param setup to allow easier extension (@blakeembrey)
  • #694 - Make the environment reusable (@blakeembrey)
  • #636 - Print line and column of errors (@sgronblo)
  • Use literal for data lookup - c1a93d3
  • Add stack handling sanity checks - cd885bf
  • Fix stack id “leak” on replaceStack - ddfe457
  • Fix incorrect stack pop when replacing literals - f4d337d

Commits

v1.2.1 - December 26th, 2013

  • #684 - Allow any number of trailing characters for valid JavaScript variable (@blakeembrey)
  • #686 - Falsy AMD module names in version 1.2.0 (@kpdecker)

Commits

v1.2.0 - December 23rd, 2013

  • #675 - Cannot compile empty template for partial (@erwinw)
  • #677 - Triple brace statements fail under IE (@hamzaCM)
  • #655 - Loading Handlebars using bower (@niki4810)
  • #657 - Fixes issue where cli compiles non handlebars templates (@chrishoage)
  • #681 - Adds in-browser testing and Saucelabs CI (@kpdecker)
  • #661 - Add @first and @index to #each object iteration (@cgp)
  • #650 - Handlebars is MIT-licensed (@thomasboyt)
  • #641 - Document ember testing process (@kpdecker)
  • #662 - handlebars-source 1.1.2 is missing from RubyGems.
  • #656 - Expose COMPILER_REVISION checks as a hook (@machty)
  • #668 - Consider publishing handlebars-runtime as a separate module on npm (@dlmanning)
  • #679 - Unable to override invokePartial (@mattbrailsford)
  • #646 - Fix “\{{” immediately following “{{” (@dmarcotte)
  • Allow extend to work with non-prototyped objects - eb53f2e
  • Add JavascriptCompiler public API tests - 1a751b2
  • Add AST test coverage for more complex paths - ddea5be
  • Fix handling of boolean escape in MustacheNode - b4968bb

Compatibility notes:

  • @index and @first are now supported for each iteration on objects
  • Handlebars.VM.checkRevision and Handlebars.JavaScriptCompiler.prototype.compilerInfo now available to modify the version checking behavior.
  • Browserify users may link to the runtime library via require('handlebars/runtime')

Commits

v1.1.2 - November 5th, 2013

  • #645 - 1.1.1 fails under IE8 (@kpdecker)

  • #644 - Using precompiled templates (AMD mode) with handlebars.runtime 1.1.1 (@fddima)

  • Add simple binary utility tests - 96a45a4

  • Fix empty string compilation - eea708a

Commits

v1.1.1 - November 4th, 2013

  • #642 - handlebars 1.1.0 are broken with nodejs

  • Fix release notes link - 17ba258

Commits

v1.1.0 - November 3rd, 2013

  • #628 - Convert code to ES6 modules (@kpdecker)

  • #336 - Add whitespace control syntax (@kpdecker)

  • #535 - Fix for probable JIT error under Safari (@sorentwo)

  • #483 - Add first and last @ vars to each helper (@denniskuczynski)

  • #557 - \\{{foo}} escaping only works in some situations (@dmarcotte)

  • #552 - Added BOM removal flag. (@blessenm)

  • #543 - publish passing master builds to s3 (@fivetanley)

  • #608 - Add includeZero flag to if conditional

  • #498 - Handlebars.compile fails on empty string although a single blank works fine

  • #599 - lambda helpers only receive options if used with arguments

  • #592 - Optimize array and subprogram performance

  • #571 - uglify upgrade breaks compatibility with older versions of node

  • #587 - Partial inside partial breaks?

Compatibility notes:

  • The project now includes separate artifacts for AMD, CommonJS, and global objects.
    • AMD: Users may load the bundled handlebars.amd.js or handlebars.runtime.amd.js files or load individual modules directly. AMD users should also note that the handlebars object is exposed via the default field on the imported object. This gist provides some discussion of possible compatibility shims.
    • CommonJS/Node: Node loading occurs as normal via require
    • Globals: The handlebars.js and handlebars.runtime.js files should behave in the same manner as the v1.0.12 / 1.0.0 release.
  • Build artifacts have been removed from the repository. npm, components/handlebars.js, cdnjs, or the builds page should now be used as the source of built artifacts.
  • Context-stored helpers are now always passed the options hash. Previously no-argument helpers did not have this argument.

Commits

v1.0.12 / 1.0.0 - May 31 2013

  • #515 - Add node require extensions support (@jjclark1982)
  • #517 - Fix amd precompiler output with directories (@blessenm)
  • #433 - Add support for unicode ids
  • #469 - Add support for ? in ids
  • #534 - Protect from object prototype modifications
  • #519 - Fix partials with . name (@jamesgorrie)
  • #519 - Allow ID or strings in partial names
  • #437 - Require matching brace counts in escaped expressions
  • Merge passed partials and helpers with global namespace values
  • Add support for complex ids in @data references
  • Docs updates

Compatibility notes:

  • The parser is now stricter on {{{, requiring that the end token be }}}. Templates that do not follow this convention should add the additional brace value.
  • Code that relies on global the namespace being muted when custom helpers or partials are passed will need to explicitly pass an undefined value for any helpers that should not be available.
  • The compiler version has changed. Precompiled templates with 1.0.12 or higher must use the 1.0.0 or higher runtime.

Commits

v1.0.11 / 1.0.0-rc4 - May 13 2013

Commits

v1.0.10 - Node - Feb 27 2013

  • #428 - Fix incorrect rendering of nested programs
  • Fix exception message (@tricknotes)
  • Added negative number literal support
  • Concert library to single IIFE
  • Add handlebars-source gemspec (@machty)

Commits

v1.0.9 - Node - Feb 15 2013

  • Added Handlebars.create API in node module for sandboxed instances (@tommydudebreaux)

Commits

1.0.0-rc3 - Browser - Feb 14 2013

  • Prevent use of this or .. in illogical place (@leshill)
  • Allow AST passing for parse/compile/precompile (@machty)
  • Optimize generated output by inlining statements where possible
  • Check compiler version when evaluating templates
  • Package browser dist in npm package

Commits

Prior Versions

When upgrading from the Handlebars 0.9 series, be aware that the signature for passing custom helpers or partials to templates has changed.

Instead of:

template(context, helpers, partials, [data])

Use:

template(context, {helpers: helpers, partials: partials, data: data})