From 3b65bc6df097dde79ca9f40f55babdbf9882c7a3 Mon Sep 17 00:00:00 2001
From: David Chambers
Date: Mon, 14 Feb 2011 17:49:25 -0800
Subject: [PATCH] Replaced three occurrences of `.html()` with `.text()` to prevent `X&Y` from appearing in the field as `X&Y`, and to prevent input from being treated as HTML.
---
 jquery.jeditable.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/jquery.jeditable.js b/jquery.jeditable.js
index eb8a911..3818fe7 100644
--- a/jquery.jeditable.js
+++ b/jquery.jeditable.js
@@ -171,7 +171,7 @@
 }
 self.editing = true;
- self.revert = $(self).html();
+ self.revert = $(self).text();
 $(self).html('');
 /* Create the form object. */
@@ -309,7 +309,7 @@
 /* Check if given target is function */
 if ($.isFunction(settings.target)) {
 var str = settings.target.apply(self, [input.val(), settings]);
- $(self).html(str);
+ $(self).text(str);
 self.editing = false;
 callback.apply(self, [self.innerHTML, settings]);
 /* TODO: this is not dry */
@@ -378,7 +378,7 @@
 if (this.editing) {
 /* Before reset hook, if it returns false abort reseting. */
 if (false !== onreset.apply(form, [settings, self])) {
- $(self).html(self.revert);
+ $(self).text(self.revert);
 self.editing = false;
 if (!$.trim($(self).html())) {
 $(self).html(settings.placeholder);
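Review bot: Capturing `$(self).text()` into `self.revert` (hunk at -171) discards any child markup the element held before editing, and the reset path in the hunk at -378 writes that flattened string back with `.text(self.revert)`, so cancelling an edit on an element that contained tags such as `<b>` or `<a>` no longer restores its original content. If plain-text-only fields are the intended contract, say so where the value is captured, e.g. `/* Plain text only: child markup of the element is not preserved across edit/reset. */`; otherwise keep the text for the input and a separate snapshot of the original content for the restore. The enclosing handlers start and end outside both hunks, so any other readers of `self.revert` are not visible here and should be checked against the new plain-text value.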
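Review bot: `callback.apply(self, [self.innerHTML, settings])`, two lines below the changed call in the hunk at -309, still hands the callback the element's HTML serialisation, so once the value is written with `.text(str)` the callback sees the entity-escaped form (`X&amp;Y`) rather than the string the user sees. Passing the text keeps the two consistent, `callback.apply(self, [$(self).text(), settings]);`, or at minimum add a comment stating that the callback argument is HTML-escaped. Only the function-target branch is visible in this hunk; the `/* TODO: this is not dry */` comment suggests a parallel branch outside it, and if that branch still inserts a server response with `.html()`, the untrusted-markup path this commit closes here would remain open there, which is worth confirming.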