Backport fix code injection

Open sseide opened this issue 5 years ago • 0 comments

backported fix for code injection (#571 and abaee2be937236b1b8da9a1f55096c17dda905fd) to the 2.x branch of ejs.

As this branch contains lot less dependencies it is the better choice for browser-side integration as long as there is no extra ejs-cli package. And all other dependencies of the 2.x branch are up to date (regarding security problems), therefor its safe to use.

Please merge this and publish a new version 2.7.5 to npm.

Many Thanks in advance, Stefan Seide

Feb 10 '21 11:02 sseide