Merge pull request #703 from jelte12345/master

Fixed my own XSS pull request to actually work
2024-11-23 05:26:10 +03:00 · 2013-01-14 09:52:40 -08:00 · 2013-01-14 09:52:40 -08:00 · fcea1523fd
commit fcea1523fd
parent 353672832d c0dd741a79
1 changed files with 7 additions and 8 deletions
--- a/select2.js
+++ b/select2.js
@ -2450,16 +2450,15 @@ the specific language governing permissions and limitations under the Apache Lic
        escapeMarkup: function (markup) {
            var replace_map = {
                '\\': '&#92;',
-                '&': '&#amp;',
-                '<': '&#lt;',
-                '>': '&#rt;',
-                '"': '&#quot;',
-                "'": '&#39;',
-                "/": '&#x2F;'
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&apos;',
+                "/": '&#47;'
            };
-            //'--': '-&#45;'

-            return String(html).replace(/[&<>"'/\\]/g, function (match) {
+            return String(markup).replace(/[&<>"'/\\]/g, function (match) {
                    return replace_map[match[0]];
            });