From 1f79acbe5ffa651dfdbed70d6c955c2ee4447cfa Mon Sep 17 00:00:00 2001
From: Kevin Brown <kevin@kevin-brown.com>
Date: Wed, 10 Jul 2019 00:25:40 -0400
Subject: [PATCH] Fix XSS issue in AJAX example

---
 pages/06.data-sources/02.ajax/docs.md | 36 +++++++++++++++------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/pages/06.data-sources/02.ajax/docs.md b/pages/06.data-sources/02.ajax/docs.md
index f6de8de1..70aa31b2 100644
--- a/pages/06.data-sources/02.ajax/docs.md
+++ b/pages/06.data-sources/02.ajax/docs.md
@@ -309,7 +309,6 @@ $(".js-example-data-ajax").select2({
     cache: true
   },
   placeholder: 'Search for a repository',
-  escapeMarkup: function (markup) { return markup; }, // let our custom formatter work
   minimumInputLength: 1,
   templateResult: formatRepo,
   templateSelection: formatRepoSelection
@@ -320,23 +319,28 @@ function formatRepo (repo) {
     return repo.text;
   }
 
-  var markup = "<div class='select2-result-repository clearfix'>" +
-    "<div class='select2-result-repository__avatar'><img src='" + repo.owner.avatar_url + "' /></div>" +
-    "<div class='select2-result-repository__meta'>" +
-      "<div class='select2-result-repository__title'>" + repo.full_name + "</div>";
+  var $container = $(
+    "<div class='select2-result-repository clearfix'>" +
+      "<div class='select2-result-repository__avatar'><img src='" + repo.owner.avatar_url + "' /></div>" +
+      "<div class='select2-result-repository__meta'>" +
+        "<div class='select2-result-repository__title'></div>" +
+        "<div class='select2-result-repository__description'></div>" +
+        "<div class='select2-result-repository__statistics'>" +
+          "<div class='select2-result-repository__forks'><i class='fa fa-flash'></i> </div>" +
+          "<div class='select2-result-repository__stargazers'><i class='fa fa-star'></i> </div>" +
+          "<div class='select2-result-repository__watchers'><i class='fa fa-eye'></i> </div>" +
+        "</div>" +
+      "</div>" +
+    "</div>"
+  );
 
-  if (repo.description) {
-    markup += "<div class='select2-result-repository__description'>" + repo.description + "</div>";
-  }
+  $container.find(".select2-result-repository__title").text(repo.full_name);
+  $container.find(".select2-result-repository__description").text(repo.description);
+  $container.find(".select2-result-repository__forks").append(repo.forks_count + " Forks");
+  $container.find(".select2-result-repository__stargazers").append(repo.stargazers_count + " Stars");
+  $container.find(".select2-result-repository__watchers").append(repo.watchers_count + " Watchers");
 
-  markup += "<div class='select2-result-repository__statistics'>" +
-    "<div class='select2-result-repository__forks'><i class='fa fa-flash'></i> " + repo.forks_count + " Forks</div>" +
-    "<div class='select2-result-repository__stargazers'><i class='fa fa-star'></i> " + repo.stargazers_count + " Stars</div>" +
-    "<div class='select2-result-repository__watchers'><i class='fa fa-eye'></i> " + repo.watchers_count + " Watchers</div>" +
-  "</div>" +
-  "</div></div>";
-
-  return markup;
+  return $container;
 }
 
 function formatRepoSelection (repo) {