Jakub T. Jankiewicz

Awesome. Thanks.

@jsoref This is not a documentation issue. This can have potential security implications for people that use the library. Since if they don't know about this it can lead to...

And about applying for CVE, I once wanted to report CVE and it was a complex process, that's why it's great that GitHub help with creating one. My last vulnerability...

> That said, if this is a documented feature, please think through what you're proposing. So you don't know if this is documented or not? I've never found documentation that...

AFIK Every open-source license is provided as is without any warranties. And `raw` is the only way to use template literals. It seems it's documented: https://docs.esprima.org/en/3.1/syntax-tree-format.html#tagged-template-expression I usually just use...

If anyone is interested you only need to escape the string before you pass to escodegen. ```javascript function escape_quote(str) { return str.replace(/\$\{/g, '\\${'); } ```

I've reported the vulnerability to [Snyk](https://snyk.io/) that can also assign CVE numbers.

@craftystudio what mistakes?

@jarble I know, see discussion on a maintained fork - peggyjs/peggy#194

Thanks, I think that there is a lot more to even PEG.js that is not implemented in Codemirror grammar that is very simple. [My language](https://gaiman.js.org/) is all messed up in...