Mongoose documents cannot be passed to the latest version of handlebars successfully #174
Comments
|
See, if this can help you: https://www.npmjs.com/package/@handlebars/allow-prototype-access |
|
@nknapp this works perfectly, thank you! |
|
Patch added in c173440 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
So this problem is documented pretty well here. The easiest solution is to use the yarn resolutions feature to keep using the old version of handlebars, like I did in PR #172 in 7ed8269. There are two code solutions at the other end of that link, one of which would require changing dozens of lines to add the characters
.toObject()(or.toJSON()) to them and remembering to do that whenever passing Mongoose document to Handlebars, and the other is kind of hacky because it relies on redefining an internal Handlebars function whose signature could be modified in another future update, breaking our new function definition. Our other option is to wait to see if the Handlebars contributors add a patch for people who are affected by this issue (it might help if everyone clicks on that link and adds a rocket emoji to that comment to request one.) We don't actually have to worry about the security vulnerability that's being patched by this upgrade because our users are not creating custom Handlebars templates.The text was updated successfully, but these errors were encountered: