RetailCRM-Mirror/select2
1
0
Fork 0
mirror of synced 2025-02-03 21:59:24 +03:00
Code Issues Projects Releases Wiki Activity

Pass through non-strings in escapeMarkup

Browse Source 
It is assumed that DOM elements or related objects will have been
escaped before they are passed back from templating functions. As
strings are typically blinding concatenated, like in our defaults,
it makes sense to escape the markup within them.

This is related to https://github.com/select2/select2/issues/3005.
This commit is contained in:
Kevin Brown 2015-02-06 19:45:10 -05:00
parent 631ae06c8d
commit 0f7a37b2d6
8 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dist/js/select2.amd.full.js vendored
View File

@ -231,6 +231,11 @@ define(['jquery'], function ($) {define('select2/utils',[
'/': '/'
};
// Do not try to escape the markup if it's not a string
if (typeof markup !== 'string') {
return markup;
}
return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
return replaceMap[match];
});

5
dist/js/select2.amd.js vendored
View File

@ -231,6 +231,11 @@ define(['jquery'], function ($) {define('select2/utils',[
'/': '&#47;'
};
// Do not try to escape the markup if it's not a string
if (typeof markup !== 'string') {
return markup;
}
return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
return replaceMap[match];
});

5
dist/js/select2.full.js vendored
View File

@ -669,6 +669,11 @@ define('select2/utils',[
'/': '&#47;'
};
// Do not try to escape the markup if it's not a string
if (typeof markup !== 'string') {
return markup;
}
return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
return replaceMap[match];
});

2
dist/js/select2.full.min.js vendored
View File

File diff suppressed because one or more lines are too long

5
dist/js/select2.js vendored
View File

@ -669,6 +669,11 @@ define('select2/utils',[
'/': '&#47;'
};
// Do not try to escape the markup if it's not a string
if (typeof markup !== 'string') {
return markup;
}
return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
return replaceMap[match];
});

2
dist/js/select2.min.js vendored
View File

File diff suppressed because one or more lines are too long

5
src/js/select2/utils.js vendored
View File

@ -231,6 +231,11 @@ define([
'/': '&#47;'
};
// Do not try to escape the markup if it's not a string
if (typeof markup !== 'string') {
return markup;
}
return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
return replaceMap[match];
});

9
tests/utils/escapeMarkup-tests.js
View File

@ -25,3 +25,12 @@ test('quotes are killed as well', function (assert) {
assert.equal(escaped.indexOf('\''), -1);
assert.equal(escaped.indexOf('"'), -1);
});
test('DocumentFragment options pass through', function (assert) {
var frag = document.createDocumentFragment();
frag.innerHTML = '<strong>test</strong>';
var escaped = Utils.escapeMarkup(frag);
assert.equal(frag, escaped);
});