From 5fb36807956baf5f4e928b8ccc7ff6d7e3a0a1da Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Mon, 15 Apr 2013 15:45:27 +0200
Subject: [PATCH] Fix formatting in WCF.Template and use a function instead of
 eval

---
 wcfsetup/install/files/js/WCF.js | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js
index cf2c759677..8a55c08dd4 100755
--- a/wcfsetup/install/files/js/WCF.js
+++ b/wcfsetup/install/files/js/WCF.js
@@ -3245,15 +3245,15 @@ WCF.Template = Class.extend({
 		this._template = this._template.replace(/\{\$(.+?)\}/g, function (_, name) {
 			self._neededVars.push(name);
 			
-			return "' + WCF.String.escapeHTML(v."+ name + ") + '";
+			return "' + WCF.String.escapeHTML(v." + name + ") + '";
 		}).replace(/\{#\$(.+?)\}/g, function (_, name) {
 			self._neededVars.push(name);
 			
-			return "' + WCF.String.formatNumeric(v."+ name + ") + '";
+			return "' + WCF.String.formatNumeric(v." + name + ") + '";
 		}).replace(/\{@\$(.+?)\}/g, function (_, name) {
 			self._neededVars.push(name);
 			
-			return "' + (v."+ name + ") + '";
+			return "' + (v." + name + ") + '";
 		}).replace(/{if (.+?)}/g, function (_, content) {
 			content = content.replace(/\$([^\s]+)/g, function (_, name) {
 				self._neededVars.push(name);
@@ -3279,6 +3279,8 @@ WCF.Template = Class.extend({
 		this._template = this._template.replace(/(\r\n|\n|\r)/g, '\\n');
 		
 		this._template = "$output += '" + this.insertLiterals(this._template) + "';";
+		
+		this._template = new Function("v", "var $output = ''; " + this._template + ' return $output;');
 	},
 	
 	/**
@@ -3295,11 +3297,7 @@ WCF.Template = Class.extend({
 			}
 		}
 		
-		var $output = '';
-		
-		eval(this._template);
-		
-		return $output;
+		return this._template(v);
 	},
 	
 	/**
-- 
2.20.1