web-mode
web-mode copied to clipboard
Published
20 hours ago •
fxbois
fxbois
Fix ‘{{~’ completion for Handlebars
We should not autocomplete {{~ to {{~{ | }}}, as that unexpectedly disables HTML escaping in Handlebars, leading to cross-site scripting vulnerabilities.
Instead, autocomplete {{~ to {{~ | }} and {{~{ to {{~{ | }}}.
