handlebars-lang · Feb 13, 2021
diff --git a/‎lib/handlebars/compiler/javascript-compiler.js
+6-1 b/‎lib/handlebars/compiler/javascript-compiler.js
+6-1
diff --git a/‎package-lock.json
+12-629 b/‎package-lock.json
+12-629
diff --git a/‎spec/security.js
+22 b/‎spec/security.js
+22
@@ -16,7 +16,12 @@ JavaScriptCompiler.prototype = {
     return this.internalNameLookup(parent, name);
   },
   depthedLookup: function(name) {
-    return [this.aliasable('container.lookup'), '(depths, "', name, '")'];
+    return [
+      this.aliasable('container.lookup'),
+      '(depths, ',
+      JSON.stringify(name),
+      ')'
+    ];
   },
 
   compilerInfo: function() {
 
@@ -396,6 +396,28 @@ describe('security issues', function() {
       });
     });
   });
+
+  describe('escapes template variables', function() {
+    it('in compat mode', function() {
+      expectTemplate("{{'a\\b'}}")
+        .withCompileOptions({ compat: true })
+        .withInput({ 'a\\b': 'c' })
+        .toCompileTo('c');
+    });
+
+    it('in default mode', function() {
+      expectTemplate("{{'a\\b'}}")
+        .withCompileOptions()
+        .withInput({ 'a\\b': 'c' })
+        .toCompileTo('c');
+    });
+    it('in default mode', function() {
+      expectTemplate("{{'a\\b'}}")
+        .withCompileOptions({ strict: true })
+        .withInput({ 'a\\b': 'c' })
+        .toCompileTo('c');
+    });
+  });
 });
 
 function wrapToAdjustContainer(precompiledTemplateFunction) {