It seems like there is a possible vulnerability in using the List editor with the Object item-type. Modal.prototype.itemToString does not escape the values by default which makes it vulnerable to XSS attacks.
Here is a simple example: https://jsfiddle.net/wesvetter/sh57z7ba/2/
If this is the intended behavior then a note should be added to the README so that users are aware of the behavior.
It seems like there is a possible vulnerability in using the List editor with the Object item-type.
Modal.prototype.itemToStringdoes not escape the values by default which makes it vulnerable to XSS attacks.Here is a simple example: https://jsfiddle.net/wesvetter/sh57z7ba/2/
If this is the intended behavior then a note should be added to the README so that users are aware of the behavior.