Use a patched version of awesomplete...
which doesn't render suggestions as HTML. See https://github.com/LeaVerou/awesomplete/pull/17082
This commit is contained in:
parent
c422237668
commit
647395a504
|
@ -1,6 +1,13 @@
|
|||
# Changelog
|
||||
|
||||
## 3.1.0 ((2017-07-05))
|
||||
## 3.1.1 (Unreleased)
|
||||
|
||||
- Use a patched version of [awesomplete](https://github.com/LeaVerou/awesomplete)
|
||||
which doesn't render suggestions as HTML (possible XSS attack vector). [jcbrand]
|
||||
|
||||
More info here: https://github.com/LeaVerou/awesomplete/pull/17082
|
||||
|
||||
## 3.1.0 (2017-07-05)
|
||||
|
||||
### API changes
|
||||
- Deprecate the `updateSettings` method in favour of
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
},
|
||||
"devDependencies": {
|
||||
"almond": "~0.3.3",
|
||||
"awesomplete": "^1.1.1",
|
||||
"awesomplete-avoid-xss": "^1.1.2",
|
||||
"backbone": "1.3.3",
|
||||
"backbone.browserStorage": "0.0.3",
|
||||
"backbone.overview": "0.0.3",
|
||||
|
|
|
@ -16,7 +16,7 @@ require.config({
|
|||
baseUrl: '.',
|
||||
paths: {
|
||||
"almond": "node_modules/almond/almond",
|
||||
"awesomplete": "node_modules/awesomplete/awesomplete",
|
||||
"awesomplete": "node_modules/awesomplete-avoid-xss/awesomplete",
|
||||
"backbone": "node_modules/backbone/backbone",
|
||||
"backbone.noconflict": "src/backbone.noconflict",
|
||||
"backbone.browserStorage": "node_modules/backbone.browserStorage/backbone.browserStorage",
|
||||
|
|
Loading…
Reference in New Issue
Block a user