
Use a patched version of awesomplete...

which doesn't render suggestions as HTML.

See https://github.com/LeaVerou/awesomplete/pull/17082
JC Brand 8 vuotta sitten
commit
647395a504
3 muutettua tiedostoa jossa 10 lisäystä ja 3 poistoa
  1. 8 1
      CHANGES.md
  2. 1 1
      package.json
  3. 1 1
      src/config.js

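--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,13 @@
 # Changelog
 
-## 3.1.0 ((2017-07-05))
+## 3.1.1 (Unreleased)
+
+- Use a patched version of [awesomplete](https://github.com/LeaVerou/awesomplete)
+  which doesn't render suggestions as HTML (possible XSS attack vector). [jcbrand]
+
+More info here: https://github.com/LeaVerou/awesomplete/pull/17082
+
+## 3.1.0 (2017-07-05)
 
 ### API changes
 - Deprecate the `updateSettings` method in favour of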

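--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
   },
   "devDependencies": {
     "almond": "~0.3.3",
-    "awesomplete": "^1.1.1",
+    "awesomplete-avoid-xss": "^1.1.2",
     "backbone": "1.3.3",
     "backbone.browserStorage": "0.0.3",
     "backbone.overview": "0.0.3",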
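Review bot: The fork is declared as `"awesomplete-avoid-xss": "^1.1.2"`, so the XSS fix now rests on a separately published package, and the caret range will accept any later 1.x release of it without review. Because this entry is what keeps suggestion text from being rendered as HTML, consider pinning it exactly, `"awesomplete-avoid-xss": "1.1.2"`, and comparing the published package contents against the patch in the linked pull request before relying on it. It would also help to track, in an issue or the changelog, that the entry should return to upstream `awesomplete` once that pull request has been released.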

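--- a/src/config.js
+++ b/src/config.js
@@ -16,7 +16,7 @@ require.config({
     baseUrl: '.',
     paths: {
         "almond":                   "node_modules/almond/almond",
-        "awesomplete":              "node_modules/awesomplete/awesomplete",
+        "awesomplete":              "node_modules/awesomplete-avoid-xss/awesomplete",
         "backbone":                 "node_modules/backbone/backbone",
         "backbone.noconflict":      "src/backbone.noconflict",
         "backbone.browserStorage":  "node_modules/backbone.browserStorage/backbone.browserStorage",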
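Review bot: The `"awesomplete"` path entry now carries a security property that nothing on this line records, so a later dependency tidy-up could point it back at `node_modules/awesomplete/awesomplete` and reintroduce HTML rendering of suggestions without anyone noticing. I would add a comment above the entry, `// Fork that renders suggestions as text, not HTML (XSS); keep until upstream awesomplete ships the fix`. No test is visible in this commit; a regression test that gives the autocomplete a suggestion containing markup and asserts it is shown as literal text would catch an accidental revert. The `require.config` call starts and ends outside this hunk.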