From cff0b6ddf046db714d0cdf776a9682105e4495b4 Mon Sep 17 00:00:00 2001
From: Ghislain B
Date: Tue, 7 Nov 2023 18:10:48 -0500
Subject: [PATCH] fix: change `.innerHTML` to `.textContent` for CSP compliance

I think we should use `textContent` to reduce CSP (Content Security Policy) requirements. If we add CSP `require-trusted-types-for 'script'`, then it blocks `innerHTML` unless it's `TrustedHTML`, however in the case of this lib's usage, we can simply replace the `innerHTML` with `textContent` which has the exact same effect and is more CSP compliant

For reference, you can see this [PR](https://github.com/vitejs/vite/pull/10801) on the Vite project, they've done the exact same code change.
---
 autocomplete.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/autocomplete.ts b/autocomplete.ts
index 6decf6a..7f83ae5 100644
--- a/autocomplete.ts
+++ b/autocomplete.ts
@@ -319,7 +319,7 @@ export default function autocomplete(settings: Autoc
 */
 function update() {
- container.innerHTML = '';
+ container.textContent = '';
 input.setAttribute('aria-activedescendant', '');
 // function for rendering autocomplete suggestions
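Review bot: The swap to `container.textContent = ''` is a correct equivalent for clearing the container's children, but the goal stated in the commit message (a `require-trusted-types-for 'script'` policy) is only reached if no other HTML sink remains in autocomplete.ts; the rendering function announced by the comment at the end of the hunk lies outside it, and if it builds suggestion markup through `innerHTML`, `outerHTML` or `insertAdjacentHTML`, the policy would still block there and untrusted suggestion labels would still flow into an HTML sink. A quick search of the file for those three sinks before merging would confirm whether this one-line change is sufficient or a follow-up is needed. A why-comment on the new line would stop a future cleanup from reverting it: `// textContent, not innerHTML: same clearing effect, but not a Trusted Types sink`. The body of update() continues past the hunk.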