Pass through non-strings in escapeMarkup

It is assumed that DOM elements or related objects will have been
escaped before they are passed back from templating functions. As
strings are typically blinding concatenated, like in our defaults,
it makes sense to escape the markup within them.

This is related to select2#3005.

Author: kevin-brown

dist/js/select2.amd.full.js

@@ -231,6 +231,11 @@ define(['jquery'], function ($) {define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.amd.js

@@ -231,6 +231,11 @@ define(['jquery'], function ($) {define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.full.js

@@ -669,6 +669,11 @@ define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.full.min.js

@@ -669,6 +669,11 @@ define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.js

@@ -231,6 +231,11 @@ define([
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.min.js

@@ -25,3 +25,12 @@ test('quotes are killed as well', function (assert) {
   assert.equal(escaped.indexOf('\''), -1);
   assert.equal(escaped.indexOf('"'), -1);
 });
+
+test('DocumentFragment options pass through', function (assert) {
+  var frag = document.createDocumentFragment();
+  frag.innerHTML = '<strong>test</strong>';
+
+  var escaped = Utils.escapeMarkup(frag);
+
+  assert.equal(frag, escaped);
+});