devbridge-autocomplete

devbridge-autocomplete: XSS via unescaped formatGroup and formatResult

The default `formatGroup` and `formatResult` functions concatenate values into HTML without escaping, leading to XSS vulnerabiliti