ajaxorg / ace

Ace (Ajax.org Cloud9 Editor)

https://ace.c9.io

(default_gutter_handler): showTooltip is CSP incompliant - assigns innerHTML

dimovpetar opened this issue 2 months ago · comments

Petar Dimov commented 2 months ago

Describe the bug

GutterTooltip#showTooltip uses this.setHtml, which results in innerHTML=...

ace/src/mouse/default_gutter_handler.js

Line 227 in a3277ea

this.setHtml(tooltipContent);

Expected Behavior

Tooltip is created in CSP compliant way

Current Behavior

Tooltip is created in CSP incompliant way

Reproduction Steps

Open any ace editor and type something invalid
Hover on the tooltip with the mouse

Possible Solution

No response

Additional Information/Context

No response

Ace Version / Browser / OS / Keyboard layout

1.31.1

Petar Dimov commented 23 days ago

@akoreman thanks for the fix. Is this issue ready to be closed now?

Alice Koreman commented 23 days ago

Yeah this issue should be resolved now