From e78dc69a6b8dcadf8c8919b039d7ad0b4e7a6970 Mon Sep 17 00:00:00 2001
From: Igor Vaynberg <igor.vaynberg@gmail.com>
Date: Tue, 5 Feb 2013 15:15:58 -0800
Subject: [PATCH] call escape markup on results

---
 select2.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/select2.js b/select2.js
index a010685b..b3c326ec 100644
--- a/select2.js
+++ b/select2.js
@@ -698,7 +698,7 @@ the specific language governing permissions and limitations under the Apache Lic
                             label=$(document.createElement("div"));
                             label.addClass("select2-result-label");
 
-                            formatted=opts.formatResult(result, label, query);
+                            formatted=opts.escapeMarkup(opts.formatResult(result, label, query));
                             if (formatted!==undefined) {
                                 label.html(formatted);
                             }