call escape markup on results

ivaynberg · ivaynberg · commit e78dc69a6b8d · 2013-02-05T15:16:21.000-08:00
diff --git a/select2.js b/select2.js
@@ -698,7 +698,7 @@ the specific language governing permissions and limitations under the Apache Lic
                             label=$(document.createElement("div"));
                             label.addClass("select2-result-label");
 
-                            formatted=opts.formatResult(result, label, query);
+                            formatted=opts.escapeMarkup(opts.formatResult(result, label, query));
                             if (formatted!==undefined) {
                                 label.html(formatted);
                             }

Original file line number	Diff line number	Diff line change
`@@ -698,7 +698,7 @@ the specific language governing permissions and limitations under the Apache Lic`
`698`	`698`	`label=$(document.createElement("div"));`
`699`	`699`	`label.addClass("select2-result-label");`
`700`	`700`
`701`		`- formatted=opts.formatResult(result, label, query);`
	`701`	`+ formatted=opts.escapeMarkup(opts.formatResult(result, label, query));`
`702`	`702`	`if (formatted!==undefined) {`
`703`	`703`	`label.html(formatted);`
`704`	`704`	`}`