RetailCRM-Mirror/select2
1
0
Fork 0
mirror of synced 2024-11-22 13:06:08 +03:00
Code Issues Projects Releases Wiki Activity

Fix XSS issue in AJAX example

Browse Source
This commit is contained in:
Kevin Brown 2019-07-10 00:25:40 -04:00
parent 1c394a421b
commit 1f79acbe5f
1 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
pages/06.data-sources/02.ajax/docs.md
View File

@ -309,7 +309,6 @@ $(".js-example-data-ajax").select2({
cache: true
},
placeholder: 'Search for a repository',
escapeMarkup: function (markup) { return markup; }, // let our custom formatter work
minimumInputLength: 1,
templateResult: formatRepo,
templateSelection: formatRepoSelection
@ -320,23 +319,28 @@ function formatRepo (repo) {
return repo.text;
}
var markup = "<div class='select2-result-repository clearfix'>" +
"<div class='select2-result-repository__avatar'><img src='" + repo.owner.avatar_url + "' /></div>" +
"<div class='select2-result-repository__meta'>" +
"<div class='select2-result-repository__title'>" + repo.full_name + "</div>";
var $container = $(
"<div class='select2-result-repository clearfix'>" +
"<div class='select2-result-repository__avatar'><img src='" + repo.owner.avatar_url + "' /></div>" +
"<div class='select2-result-repository__meta'>" +
"<div class='select2-result-repository__title'></div>" +
"<div class='select2-result-repository__description'></div>" +
"<div class='select2-result-repository__statistics'>" +
"<div class='select2-result-repository__forks'><i class='fa fa-flash'></i> </div>" +
"<div class='select2-result-repository__stargazers'><i class='fa fa-star'></i> </div>" +
"<div class='select2-result-repository__watchers'><i class='fa fa-eye'></i> </div>" +
"</div>" +
"</div>" +
"</div>"
);
if (repo.description) {
markup += "<div class='select2-result-repository__description'>" + repo.description + "</div>";
}
$container.find(".select2-result-repository__title").text(repo.full_name);
$container.find(".select2-result-repository__description").text(repo.description);
$container.find(".select2-result-repository__forks").append(repo.forks_count + " Forks");
$container.find(".select2-result-repository__stargazers").append(repo.stargazers_count + " Stars");
$container.find(".select2-result-repository__watchers").append(repo.watchers_count + " Watchers");
markup += "<div class='select2-result-repository__statistics'>" +
"<div class='select2-result-repository__forks'><i class='fa fa-flash'></i> " + repo.forks_count + " Forks</div>" +
"<div class='select2-result-repository__stargazers'><i class='fa fa-star'></i> " + repo.stargazers_count + " Stars</div>" +
"<div class='select2-result-repository__watchers'><i class='fa fa-eye'></i> " + repo.watchers_count + " Watchers</div>" +
"</div>" +
"</div></div>";
return markup;
return $container;
}
function formatRepoSelection (repo) {