Skip to content

Commit fcea152

Browse files
committed
Merge pull request select2#703 from jelte12345/master
Fixed my own XSS pull request to actually work
2 parents 3536728 + c0dd741 commit fcea152

1 file changed

Lines changed: 7 additions & 8 deletions

File tree

select2.js

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2450,16 +2450,15 @@ the specific language governing permissions and limitations under the Apache Lic
24502450
escapeMarkup: function (markup) {
24512451
var replace_map = {
24522452
'\\': '\',
2453-
'&': '&#amp;',
2454-
'<': '&#lt;',
2455-
'>': '&#rt;',
2456-
'"': '&#quot;',
2457-
"'": '&#39;',
2458-
"/": '&#x2F;'
2453+
'&': '&amp;',
2454+
'<': '&lt;',
2455+
'>': '&gt;',
2456+
'"': '&quot;',
2457+
"'": '&apos;',
2458+
"/": '&#47;'
24592459
};
2460-
//'--': '-&#45;'
24612460

2462-
return String(html).replace(/[&<>"'/\\]/g, function (match) {
2461+
return String(markup).replace(/[&<>"'/\\]/g, function (match) {
24632462
return replace_map[match[0]];
24642463
});
24652464

0 commit comments

Comments
 (0)