0da15aa586
This fixes an issue when using a `<select>` where the elements were created with XHTML-encoded characters to prevent any injection, as they would be double-encoded and display incorrectly. When using a `<select>`, we can assume that the data has already been encoded because any XSS will have already run before we get to it. Because of this, we can just use `.text()` instead of `.html()` to avoid any issues. This also includes a test to ensure that this does not become an issue in the future. This closes https://github.com/select2/select2/issues/3115. |
||
|---|---|---|
| .. | ||
| i18n | ||
| select2.amd.full.js | ||
| select2.amd.js | ||
| select2.full.js | ||
| select2.full.min.js | ||
| select2.js | ||
| select2.min.js | ||