a6fdd560c7
This addresses a potential XSS vulnerability caused by tern's construction of inline HTML where text input is not escaped, which is then passed to the openDialog function for rendering. The construction is replaced with an equivalent DOM fragment construction, which the openDialog API also supports. This is currently a blocker for CodeMirror users that want to enforce Trusted Types in their web application. |
||
---|---|---|
.. | ||
tern.css | ||
tern.js | ||
worker.js |