fix unsafe HTML construction with createIcon

mapbox / mapbox-gl-geocoder

Geocoder control for mapbox-gl-js using Mapbox Geocoding API

https://mapbox.com/mapbox-gl-js/example/mapbox-gl-geocoder/

ISC License

368 stars 180 forks source link

fix unsafe HTML construction with createIcon #446

Closed stepankuzmin closed 2 years ago

stepankuzmin commented 2 years ago

This PR removes IE support for icon creation and removes createIcon from the MapboxGeocoder prototype.

stepankuzmin commented 2 years ago

Thanks Ryan!

As per discussion with @mapbox-danny we can hold on the merge until a major version update

ryanhamley commented 2 years ago

@stepankuzmin I think it's ok to revert the change that removes createIcon from the public API and just remove the offending IE11 code. That will resolve the open security ticket.

stepankuzmin commented 2 years ago

@ryanhamley sure, I've updated the PR