v0.4.0

Breaking

• Security Fix: Ensure esc always returns a string: 58a5c36
  NOTE: This should only be a breaking change if you used esc directly.
  Previously, any non-string input was returned as is. Now, everything is returned as a string.
  This change prevents XSS attacks within Array values:

  let html = '<div>' + tempura.esc(['<img src=x onerror="alert(1)" />']) + '<div>';
  // before: '<div><img src=x onerror="alert(1)" /></div>'
  // after: '<div>&ltimg src=x onerror=&quot;alert(1)&quot; /></div>'

---

Full Changelog: v0.3.2...v0.4.0

v0.3.2

Patches

• (types) Allow loose Blocks type argument: dbd1fd1

Chores

• Add typescript example file (#9): 258f96e

v0.3.1

Patches

• Correct TypeScript definitions: 87de678

Chores

• Add options.props tests: f61e5d2
• Update module size: d85f151

v0.3.0

Features

• Add new loose option to relax the #expect requirement: 72bcb52, e8f8df8

  By default, any template variables must be known ahead of time – either through options.props or through #expect declarations. However, when enabled, options.loose relaxes this constraint.

Chores

• Add options.loose docs: 4674f67
• Mention options.loose in the #expect syntax docs: de8e4ae
• Fix broken introductory example in syntax document: 896188f

v0.2.0

Features

• Add tempura/rollup plugin: 764f8fc
  Tempura now ships with its own Rollup plugin!

• Add tempura/esbuild plugin: 9a3df0d
  Tempura also ships with its own esbuild plugin, too!

Patches

• Use in operator for custom block existence check: 61b6de0
  Allows for options.blocks.foo = null-style placeholders.

Examples

• Add worker example directory: 7396509, 175a112
  Illustrates how to use the new tempura/rollup and/or tempura/esbuild plugins.
  This builds an example Cloudflare Worker, but is applicable to any built/bundle application.

Chores

• Add more Custom Blocks documentation: eba06d5
  Includes more advanced examples/concepts.