Currently autocomplete tooltips aren't escaped for HTML, so they can do some injection.
For a more realistic and confusing scenario, this means that a value of type eg List<string> will show as just List with an invisible and meaningless <string> HTML tag.
Currently autocomplete tooltips aren't escaped for HTML, so they can do some injection.
For a more realistic and confusing scenario, this means that a value of type eg
List<string>
will show as justList
with an invisible and meaningless<string>
HTML tag.