Tieson Trowbridge
Tieson Trowbridge
I suppose I can see your point, although taking input from a user and then (safely) using it in a call to Bootbox as dialog content seems like something that's...
The [bootboxjs website](http://bootboxjs.com/) is generated from the [gh-pages branch](https://github.com/makeusabrew/bootbox/tree/gh-pages), so if you would like to take a crack at that, I'd be happy to review a pull-request. Otherwise, it may...
@yonjah I'm not entirely sure I understand what you're suggesting. I won't be changing the internals to use text() instead of html() - that would break most of the existing...
@vedmant "fix it" implies that something is broken. I think I've made it clear that I don't consider this a "bug" or problem with Bootbox, in spite of whatever external...
@nullivex I hope this doesn't come across poorly, as there's no malicious intent behind it, but I'm not terribly concerned about what external sites report about this library. Bootbox works...
@nullivex I wouldn't call it "bothering" me. I understand that having that warning on the package is a problem for some users, but there's not a whole lot I can...
Bootstrap's sanitizer functions (https://github.com/twbs/bootstrap/blob/master/js/src/util/sanitizer.js) seem fairly straight-forward, but none of these functions are part of it's public API. I suppose I could pull the code from that file into this...
I've pinned this issue, to make it easier to find (and hopefully reduce duplicate issues being raised).
@yonjah Minor API change, yes. Major change in functionality, also yes, and I'm not okay with that. @tarlepp was just making a point that user input should never be trusted...
@yonjah Making HTML rendering (for the various options which currently allow it) require an extra step, rather than the default behavior, is a major difference, IMO, which is the majority...