Setting this._node.innerHTML = this.tpl(data); is an XSS vulnrability https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML
Is it possible to change this to appendChild as I have suggested?
I am using the cytoscape-node-html-label as part of my project and our linter is throwing an error when we try to submit the code to head.
This fix will be really useful if we can get it merged into this repo and remove the vulnrability.
Setting this._node.innerHTML = this.tpl(data); is an XSS vulnrability https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML Is it possible to change this to appendChild as I have suggested? I am using the cytoscape-node-html-label as part of my project and our linter is throwing an error when we try to submit the code to head. This fix will be really useful if we can get it merged into this repo and remove the vulnrability.