select2

mirror of synced 2024-11-22 13:06:08 +03:00

History

Kevin Brown 0da15aa586 Fixed option text encoding This fixes an issue when using a `<select>` where the elements were created with XHTML-encoded characters to prevent any injection, as they would be double-encoded and display incorrectly. When using a `<select>`, we can assume that the data has already been encoded because any XSS will have already run before we get to it. Because of this, we can just use `.text()` instead of `.html()` to avoid any issues. This also includes a test to ensure that this does not become an issue in the future. This closes https://github.com/select2/select2/issues/3115.	2015-03-11 18:12:14 -04:00
..
css	word-wrap: nowrap styling	2015-02-17 12:41:25 -05:00
js	Fixed option text encoding	2015-03-11 18:12:14 -04:00

Kevin Brown 0da15aa586 Fixed option text encoding

This fixes an issue when using a `<select>` where the elements were
created with XHTML-encoded characters to prevent any injection, as
they would be double-encoded and display incorrectly.

When using a `<select>`, we can assume that the data has already
been encoded because any XSS will have already run before we get to
it.  Because of this, we can just use `.text()` instead of `.html()`
to avoid any issues.

This also includes a test to ensure that this does not become an
issue in the future.

This closes https://github.com/select2/select2/issues/3115.

2015-03-11 18:12:14 -04:00

css

word-wrap: nowrap styling

2015-02-17 12:41:25 -05:00

Fixed option text encoding

2015-03-11 18:12:14 -04:00