TryFSharpOnWasm icon indicating copy to clipboard operation
TryFSharpOnWasm copied to clipboard

Published 20 hours ago verified publisher icon fsbolero

Escape HTML in autocomplete tooltips

Open Tarmil opened this issue 5 years ago • 0 comments

Currently autocomplete tooltips aren't escaped for HTML, so they can do some injection.

screenshot

For a more realistic and confusing scenario, this means that a value of type eg List<string> will show as just List with an invisible and meaningless <string> HTML tag.

Tarmil avatar Dec 21 '18 22:12 Tarmil