From 2952f328cd0eaf243e8dda412eeba90fff236073 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Fiedler?=
Date: Tue, 24 Mar 2015 10:14:06 +0100
Subject: [PATCH 1/2] Update jquery.autocomplete.js
---
src/jquery.autocomplete.js | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/jquery.autocomplete.js b/src/jquery.autocomplete.js
index 9f39ddb2..b6f9f7d5 100644
--- a/src/jquery.autocomplete.js
+++ b/src/jquery.autocomplete.js
@@ -127,9 +127,15 @@ $.Autocomplete = Autocomplete; Autocomplete.formatResult = function (suggestion, currentValue) { + var htmlSafeString = suggestion.value + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"'); + var pattern = '(' + utils.escapeRegExChars(currentValue) + ')'; - return suggestion.value.replace(new RegExp(pattern, 'gi'), '$1<\/strong>'); + return htmlSafeString.replace(new RegExp(pattern, 'gi'), '$1<\/strong>'); }; Autocomplete.prototype = {
From 864541e245508a850d4b81a0d8a886204b121fb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Fiedler?=
Date: Tue, 24 Mar 2015 10:14:39 +0100
Subject: [PATCH 2/2] Update jquery.autocomplete.js
---
dist/jquery.autocomplete.js | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dist/jquery.autocomplete.js b/dist/jquery.autocomplete.js
index 3e8f5272..1d954029 100644
--- a/dist/jquery.autocomplete.js
+++ b/dist/jquery.autocomplete.js
@@ -127,9 +127,15 @@ $.Autocomplete = Autocomplete; Autocomplete.formatResult = function (suggestion, currentValue) { + var htmlSafeString = suggestion.value + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"'); + var pattern = '(' + utils.escapeRegExChars(currentValue) + ')'; - return suggestion.value.replace(new RegExp(pattern, 'gi'), '$1<\/strong>'); + return htmlSafeString.replace(new RegExp(pattern, 'gi'), '$1<\/strong>'); }; Autocomplete.prototype = {
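Review bot: In `Autocomplete.formatResult` (src/jquery.autocomplete.js, PATCH 1/2; PATCH 2/2 applies the same lines to the dist/ copy) the match highlighting now runs over `htmlSafeString`, i.e. after escaping, while `pattern` is still built from the raw `currentValue`. Assuming the replacement strings are the usual entities (the page seems to have decoded them), a typed value such as `amp`, `lt` or `quot` matches inside an entity and the `<strong>` wrapper splits it, so the suggestion renders corrupted. A query that itself contains `&`, `<`, `>` or `"` also stops being highlighted, because it no longer matches the escaped text. Matching on the raw value and escaping each matched and unmatched piece separately before adding the markup avoids both. The sketch below keeps the signature, also escapes `'` in case the result is ever placed in a single-quoted attribute, and returns early for an empty `currentValue`.

```javascript
Autocomplete.formatResult = function (suggestion, currentValue) {
    var escapeHtml = function (text) {
        return text
            .replace(/&/g, '&amp;')
            .replace(/</g, '&lt;')
            .replace(/>/g, '&gt;')
            .replace(/"/g, '&quot;')
            .replace(/'/g, '&#39;');
    };
    var value = suggestion.value;
    var html = '';
    var last = 0;

    // nothing typed yet: escape only, an empty pattern would match everywhere
    if (!currentValue) {
        return escapeHtml(value);
    }

    var pattern = '(' + utils.escapeRegExChars(currentValue) + ')';

    // walk the matches on the raw value and escape every piece on its own,
    // so the markup can never land inside an entity
    value.replace(new RegExp(pattern, 'gi'), function (match, group, offset) {
        html += escapeHtml(value.slice(last, offset)) + '<strong>' + escapeHtml(match) + '<\/strong>';
        last = offset + match.length;
        return match;
    });

    return html + escapeHtml(value.slice(last));
};
```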