Avoid using new Function()

[fmonts]

The new Function(...), user here: https://github.com/blueimp/JavaScript-Templates/blob/master/js/tmpl.js#L24

is a bad practice, and disabled by default if using Content Security Policy (see here)

Can this be replaced? Otherwise who uses CSP must add unsafe-eval to use this library, allowing potential secutiry vulnerabilities.

[blueimp]

For any production use, my recommendation is to make use of compiled templates.
Using those compiled template functions only requires a minimal runtime that does not make use of new Function or any other unsafe-eval construct.

[oliverbob]

Can you provide an example on how to use the "compiled template" to produce javascript and what the output looks like?

Trying your example only showed me this:

basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")

case `uname` in
    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
esac

if [ -x "$basedir/node" ]; then
  "$basedir/node"  "$basedir/node_modules/blueimp-tmpl/js/compile.js" "$@"
  ret=$?
else 
  node  "$basedir/node_modules/blueimp-tmpl/js/compile.js" "$@"
  ret=$?
fi
exit $ret

It opened up Atom and showed that Greek to me.

Or,

c:\Users\bob\node\tmpl>tmpl.js index.html > tmpl.js
The process cannot access the file because it is being used by another process.

[blueimp]

Hi @oliverbob,
that code snippet you posted does not look like anything from this project, so it's likely an artifact from your environment.

Have you followed the guide here?
https://github.com/blueimp/JavaScript-Templates#compiled-templates

[oliverbob]

Hi Sebastian,

It is the result of following the tutorial/documentation you have provided. I followed the guide step by step and installed the template like:

npm install blueimp-tmpl -g

But may be this is an issue on node. I'm using the latest version on windows. Can you provide a concrete example of how to use the tmpl.js compiler in the wiki?

Thank you very much,

Oliver

[blueimp]

Sorry I don't provide support to run this on Windows.
If you're on Windows 10, I recommend you to run it inside of Windows Subsystem for Linux.

However if you want to figure out how to make this work under Windows and would like to write a guide with step-by-step instructions, I'd gladly add a link to the Wiki.

[oliverbob]

Ok, I will try this on puppy linux.