This fixes an issue when using a `<select>` where the elements were
created with XHTML-encoded characters to prevent any injection, as
they would be double-encoded and display incorrectly.
When using a `<select>`, we can assume that the data has already
been encoded because any XSS will have already run before we get to
it. Because of this, we can just use `.text()` instead of `.html()`
to avoid any issues.
This also includes a test to ensure that this does not become an
issue in the future.
This closes https://github.com/select2/select2/issues/3115.
0da15aa586