Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Nested keys should not be escaped by default #854
This commit d367309 made
Basically, this is ok:
This should not escape by default:
I did not submit a PR because I'm not sure of the approach you want to take here: never escaping when nesting, add a separate option to control nesting escaping or something else. It will be my pleasure to submit one once an approach is chosen.
i think it would be safe to remove the escaping there...can't figure out a way someone could exploit that for an xss attack.
so basically i think removing that line and publishing a major version should be ok. Still if someone more clever sees a risk we could introduce an additional options (which i prefer to avoid - enough options right now ;) )