Fixed tests for IE11

#623

Fixes issue with the scope with in an else of a for/of

v4.15.4

4.15.4

Not using Array.prototype.includes (for IE11 support)

#618

use can-reflect in makeSimpleHelper function

use canReflect in makeSimpleHelper

call expressions re-evaluate

If foo changes in this.foo.doSomething(), the expression re-evaluates.

or, and, not helpers; views are callable, inline partials callable, docs improvements

This passes can-component's tests

This re-orgs the docs towards being use-case first:

This also deprecates much of the older ways of doing things:

It adds 3 new helpers:

• or( first, second, third )
• and( first, second, third )
• not( value ) - this is a converter copied from can-stache-converters

It makes views callable and wires up nodelists:

const addressView = stache(`<address>{{this.street}}, {{this.city}}</address>`);

const view = stache(`{{ addressView(street=user1.street city=user1.city) }}`)

It makes inline partials callable too:

        {{< addressView }}
            <address>{{ this.street}}, {{ this.city }}</address>
        {{/ addressView }}
        <h2>{{ this.user1.name }}</h2>
        {{ addressView(user1) }}

These were both done with a new can.isView symbol we put on view renderers to know these functions are special. When we see this, we make sure to pass the nodeList.

making Bracket expressions work with keys with multiple dots

#608

3.x - Fix for reading props with multiple dots

#609

Fixes possible XSS attack

There's a reflective xss exploit possible when the programmer makes a programming error. If a template value is initialized as null, and then changed into a string containing some exploited string, the string is rendered as a html snippet instead of text.

For example:

var map = new SimpleMap({
     foo: null
});
var frag = stache("<div>{{foo}}</div>")(map);
map.set("foo", "<p></p>");

frag //-> "<div><p></p></div>"

PR: #601

Root Hashes expressions are parseable directly within an expression

This allows the stache expression parser to parse something like foo=bar zed=ted directly within an expression. Stache was able to parse these when inside another expression like a call or helper expression: method(foo=ted).

This was added to support simple setters directly within stache:

<div on:click="this.todo.name = something"></div>