From 410141c31e547694746f3ce9427d1dde30070777 Mon Sep 17 00:00:00 2001
From: kpdecker <kpdecker@gmail.com>
Date: Tue, 21 Jul 2015 02:16:49 +0300
Subject: [PATCH] Fix escaping of non-javascript identifiers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The ‘ character would cause invalid javascript to be generated as it was not properly escaped. Switching to JSON.stringify safely handles all potential unescaped cases.
---
 lib/handlebars/compiler/javascript-compiler.js | 2 +-
 spec/basic.js                                  | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/handlebars/compiler/javascript-compiler.js b/lib/handlebars/compiler/javascript-compiler.js
index 883066165..d39ecb2bf 100644
--- a/lib/handlebars/compiler/javascript-compiler.js
+++ b/lib/handlebars/compiler/javascript-compiler.js
@@ -16,7 +16,7 @@ JavaScriptCompiler.prototype = {
     if (JavaScriptCompiler.isValidJavaScriptVariableName(name)) {
       return [parent, '.', name];
     } else {
-      return [parent, "['", name, "']"];
+      return [parent, '[', JSON.stringify(name), ']'];
     }
   },
   depthedLookup: function(name) {
diff --git a/spec/basic.js b/spec/basic.js
index 49ebbe52b..8859545d9 100644
--- a/spec/basic.js
+++ b/spec/basic.js
@@ -207,8 +207,12 @@ describe('basic context', function() {
   });
 
   it('literal references', function() {
-    shouldCompileTo('Goodbye {{[foo bar]}} world!', {'foo bar': 'beautiful'},
-        'Goodbye beautiful world!', 'Literal paths can be used');
+    shouldCompileTo('Goodbye {{[foo bar]}} world!', {'foo bar': 'beautiful'}, 'Goodbye beautiful world!');
+    shouldCompileTo('Goodbye {{"foo bar"}} world!', {'foo bar': 'beautiful'}, 'Goodbye beautiful world!');
+    shouldCompileTo("Goodbye {{'foo bar'}} world!", {'foo bar': 'beautiful'}, 'Goodbye beautiful world!');
+    shouldCompileTo('Goodbye {{"foo[bar"}} world!', {'foo[bar': 'beautiful'}, 'Goodbye beautiful world!');
+    shouldCompileTo('Goodbye {{"foo\'bar"}} world!', {"foo'bar": 'beautiful'}, 'Goodbye beautiful world!');
+    shouldCompileTo("Goodbye {{'foo\"bar'}} world!", {'foo"bar': 'beautiful'}, 'Goodbye beautiful world!');
   });
 
   it("that current context path ({{.}}) doesn't hit helpers", function() {