Use a patched version of awesomplete...

which doesn't render suggestions as HTML.

See https://github.com/LeaVerou/awesomplete/pull/17082
This commit is contained in:
JC Brand 2017-07-12 22:38:03 +02:00
parent c422237668
commit 647395a504
3 changed files with 10 additions and 3 deletions

View File

@ -1,6 +1,13 @@
# Changelog
## 3.1.0 ((2017-07-05))
## 3.1.1 (Unreleased)
- Use a patched version of [awesomplete](https://github.com/LeaVerou/awesomplete)
which doesn't render suggestions as HTML (possible XSS attack vector). [jcbrand]
More info here: https://github.com/LeaVerou/awesomplete/pull/17082
## 3.1.0 (2017-07-05)
### API changes
- Deprecate the `updateSettings` method in favour of

View File

@ -33,7 +33,7 @@
},
"devDependencies": {
"almond": "~0.3.3",
"awesomplete": "^1.1.1",
"awesomplete-avoid-xss": "^1.1.2",
"backbone": "1.3.3",
"backbone.browserStorage": "0.0.3",
"backbone.overview": "0.0.3",

View File

@ -16,7 +16,7 @@ require.config({
baseUrl: '.',
paths: {
"almond": "node_modules/almond/almond",
"awesomplete": "node_modules/awesomplete/awesomplete",
"awesomplete": "node_modules/awesomplete-avoid-xss/awesomplete",
"backbone": "node_modules/backbone/backbone",
"backbone.noconflict": "src/backbone.noconflict",
"backbone.browserStorage": "node_modules/backbone.browserStorage/backbone.browserStorage",