Closed andersk closed 2 years ago
We should not autocomplete {{~ to {{~{ | }}}, as that unexpectedly disables HTML escaping in Handlebars, leading to cross-site scripting vulnerabilities.
{{~
{{~{ | }}}
Instead, autocomplete {{~ to {{~ | }} and {{~{ to {{~{ | }}}.
{{~ | }}
{{~{
thx
fxbois
commented
2 years ago
We should not autocomplete
{{~to{{~{ | }}}, as that unexpectedly disables HTML escaping in Handlebars, leading to cross-site scripting vulnerabilities.Instead, autocomplete
{{~to{{~ | }}and{{~{to{{~{ | }}}.