5a0f7f5518
This is needed to escape any bad markup that is passed through user-entered data. Users can prevent their markup from being escaped by using a no-op `escapeMarkup` function. This closes https://github.com/select2/select2/issues/2990.
73 lines
1.5 KiB
JavaScript
73 lines
1.5 KiB
JavaScript
module('Selection containers - Multiple');
|
|
|
|
var MultipleSelection = require('select2/selection/multiple');
|
|
|
|
var $ = require('jquery');
|
|
var Options = require('select2/options');
|
|
var Utils = require('select2/utils');
|
|
|
|
var options = new Options({});
|
|
|
|
test('display uses templateSelection', function (assert) {
|
|
var called = false;
|
|
|
|
var templateOptions = new Options({
|
|
templateSelection: function (data) {
|
|
called = true;
|
|
|
|
return data.text;
|
|
}
|
|
});
|
|
|
|
var selection = new MultipleSelection(
|
|
$('#qunit-fixture .multiple'),
|
|
templateOptions
|
|
);
|
|
|
|
var out = selection.display({
|
|
text: 'test'
|
|
});
|
|
|
|
assert.ok(called);
|
|
|
|
assert.equal(out, 'test');
|
|
});
|
|
|
|
test('empty update clears the selection', function (assert) {
|
|
var selection = new MultipleSelection(
|
|
$('#qunit-fixture .multiple'),
|
|
options
|
|
);
|
|
|
|
var $selection = selection.render();
|
|
var $rendered = $selection.find('.select2-selection__rendered');
|
|
|
|
$rendered.text('testing');
|
|
|
|
selection.update([]);
|
|
|
|
assert.equal($rendered.text(), '');
|
|
});
|
|
|
|
test('escapePlaceholder is being used', function (assert) {
|
|
var selection = new MultipleSelection(
|
|
$('#qunit-fixture .multiple'),
|
|
options
|
|
);
|
|
|
|
var $selection = selection.render();
|
|
var $rendered = $selection.find('.select2-selection__rendered');
|
|
|
|
var unescapedText = '<script>bad("stuff");</script>';
|
|
|
|
selection.update([{
|
|
text: unescapedText
|
|
}]);
|
|
|
|
assert.equal(
|
|
$rendered.text().indexOf(unescapedText),
|
|
1,
|
|
'The text should be escaped by default to prevent injection'
|
|
);
|
|
});
|