1
0
mirror of synced 2025-02-03 21:59:24 +03:00
Kevin Brown 0da15aa586 Fixed option text encoding
This fixes an issue when using a `<select>` where the elements were
created with XHTML-encoded characters to prevent any injection, as
they would be double-encoded and display incorrectly.

When using a `<select>`, we can assume that the data has already
been encoded because any XSS will have already run before we get to
it.  Because of this, we can just use `.text()` instead of `.html()`
to avoid any issues.

This also includes a test to ensure that this does not become an
issue in the future.

This closes https://github.com/select2/select2/issues/3115.
2015-03-11 18:12:14 -04:00
..
2015-01-09 20:50:06 -05:00
2015-01-22 14:49:39 -05:00
2014-10-21 21:43:57 -04:00
2015-03-11 18:12:14 -04:00
2015-01-22 14:49:39 -05:00
2015-01-11 16:30:16 -05:00
2015-01-22 14:49:39 -05:00