4ccf2bddfe
In general, assigning a plain string to the innerHTML property of an element can cause XSS vulnerabilities, and is thus considered as a violation by the Trusted Types web platform security mechanism. This commit addresses two such violations in CodeMirror by replacing them with semantically equivalent assignments to the textContent property. This is currently a blocker for CodeMirror users that want to enforce Trusted Types in their web application. |
||
---|---|---|
.. | ||
colorize.js | ||
runmode.js |