Use a patched version of awesomplete...
which doesn't render suggestions as HTML. See https://github.com/LeaVerou/awesomplete/pull/17082
This commit is contained in:
parent
c422237668
commit
647395a504
@ -1,6 +1,13 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
## 3.1.0 ((2017-07-05))
|
## 3.1.1 (Unreleased)
|
||||||
|
|
||||||
|
- Use a patched version of [awesomplete](https://github.com/LeaVerou/awesomplete)
|
||||||
|
which doesn't render suggestions as HTML (possible XSS attack vector). [jcbrand]
|
||||||
|
|
||||||
|
More info here: https://github.com/LeaVerou/awesomplete/pull/17082
|
||||||
|
|
||||||
|
## 3.1.0 (2017-07-05)
|
||||||
|
|
||||||
### API changes
|
### API changes
|
||||||
- Deprecate the `updateSettings` method in favour of
|
- Deprecate the `updateSettings` method in favour of
|
||||||
|
@ -33,7 +33,7 @@
|
|||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"almond": "~0.3.3",
|
"almond": "~0.3.3",
|
||||||
"awesomplete": "^1.1.1",
|
"awesomplete-avoid-xss": "^1.1.2",
|
||||||
"backbone": "1.3.3",
|
"backbone": "1.3.3",
|
||||||
"backbone.browserStorage": "0.0.3",
|
"backbone.browserStorage": "0.0.3",
|
||||||
"backbone.overview": "0.0.3",
|
"backbone.overview": "0.0.3",
|
||||||
|
@ -16,7 +16,7 @@ require.config({
|
|||||||
baseUrl: '.',
|
baseUrl: '.',
|
||||||
paths: {
|
paths: {
|
||||||
"almond": "node_modules/almond/almond",
|
"almond": "node_modules/almond/almond",
|
||||||
"awesomplete": "node_modules/awesomplete/awesomplete",
|
"awesomplete": "node_modules/awesomplete-avoid-xss/awesomplete",
|
||||||
"backbone": "node_modules/backbone/backbone",
|
"backbone": "node_modules/backbone/backbone",
|
||||||
"backbone.noconflict": "src/backbone.noconflict",
|
"backbone.noconflict": "src/backbone.noconflict",
|
||||||
"backbone.browserStorage": "node_modules/backbone.browserStorage/backbone.browserStorage",
|
"backbone.browserStorage": "node_modules/backbone.browserStorage/backbone.browserStorage",
|
||||||
|
Loading…
Reference in New Issue
Block a user