Security Advisories (5)
CVE-2021-41182 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVE-2021-41183 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVE-2021-41184 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

CVE-2021-23562 (2021-12-03)

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user into uploading this kind of file.

CVE-2016-4566 (2016-05-22)

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

NAME

Yukki::TemplateUtil - Utilities that help make manipulating the DOM easier

VERSION

version 0.991_002

DESCRIPTION

Tools for manipulating the DOM in specialized ways inside Template::Pure templates.

SUBROUTINES

field

$view->prepare_template(
    template => 'admin/user/edit.html',
    directives => [
        # ...
        '#email@value' => field(['user.email', 'form.email']),
        # ...
    ],
);

Template::Pure is touchy about missing paths. This will make sure a field is present so the template renders okay without requiring any additional boilerplate. The first argument is the name of the data path or paths to look up. Multiple paths may be passed using an array reference. The second argument (optional) is the default to use if the lookup finds nothing. If no default is given, an empty string is used.
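The lookup-with-fallback behaviour described above, as an added standalone example (not code from Yukki or Template::Pure). `resolve_field` is a hypothetical helper, the sample data is constructed, and trying the paths in the order given is an assumption the documentation does not confirm.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of Yukki::TemplateUtil): return the value at
# the first dotted path that resolves to a defined value, else the default.
# Assumption: paths are tried in the order they are listed.
sub resolve_field {
    my ($data, $paths, $default) = @_;
    $paths   = [ $paths ] unless ref($paths) eq 'ARRAY';
    $default = '' unless defined $default;

    PATH: for my $path (@$paths) {
        my $node = $data;
        for my $key (split /\./, $path) {
            # A missing key or a non-hash step means this path does not resolve.
            next PATH unless ref($node) eq 'HASH' && exists $node->{$key};
            $node = $node->{$key};
        }
        return $node if defined $node;
    }
    return $default;
}

# Constructed sample data: a stored user record and a partially filled form.
my $data = {
    user => { email => 'stored@example.com' },
    form => { name  => 'Submitted Name' },
};

# First path resolves, so the second is never consulted.
print resolve_field($data, ['user.email', 'form.email']), "\n";

# First path is missing, so the lookup falls through to the second.
print resolve_field($data, ['form.email', 'user.email']), "\n";

# Nothing resolves: the explicit default is returned.
print resolve_field($data, 'form.phone', 'n/a'), "\n";

# Nothing resolves and no default is given: an empty string is returned.
print '[', resolve_field($data, 'form.phone'), "]\n";
```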

form_error

$view->prepare_template(
    template => 'admin/user/edit.html',
    directives => [
        # ...
        '#email' => form_error('email'),
        # ...
    ],
);

Appends content after an element to insert code to show field errors, if field errors are set.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2017 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.