Escape html characters - optgroup label

enkarito · enkarito · commit 1619b1f0796b · 2014-12-25T04:18:27.000-05:00
diff --git a/src/jquery.multiselect.js b/src/jquery.multiselect.js
@@ -152,7 +152,13 @@
 
           // has this optgroup been added already?
           if($.inArray(optLabel, optgroups) === -1) {
-            html += '<li class="ui-multiselect-optgroup-label ' + parent.className + '"><a href="#">' + optLabel + '</a></li>';
+            var optLabelEscaped = optLabel.replace(/&/g, '&amp;')
+              .replace(/>/g, '&gt;')
+              .replace(/</g, '&lt;')
+              .replace(/'/g, '&#39;')
+              .replace(/\//g, '&#x2F;')
+              .replace(/"/g, '&quot;');
+            html += '<li class="ui-multiselect-optgroup-label ' + parent.className + '"><a href="#">' + optLabelEscaped + '</a></li>';
             optgroups.push(optLabel);
           }
         }

Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,13 @@`
`152`	`152`
`153`	`153`	`// has this optgroup been added already?`
`154`	`154`	`if($.inArray(optLabel, optgroups) === -1) {`
`155`		`- html += '<li class="ui-multiselect-optgroup-label ' + parent.className + '"><a href="#">' + optLabel + '</a></li>';`
	`155`	`+ var optLabelEscaped = optLabel.replace(/&/g, '&')`
	`156`	`+ .replace(/>/g, '>')`
	`157`	`+ .replace(/</g, '<')`
	`158`	`+ .replace(/'/g, ''')`
	`159`	`+ .replace(/\//g, '/')`
	`160`	`+ .replace(/"/g, '"');`
	`161`	`+ html += '<li class="ui-multiselect-optgroup-label ' + parent.className + '"><a href="#">' + optLabelEscaped + '</a></li>';`
`156`	`162`	`optgroups.push(optLabel);`
`157`	`163`	`}`
`158`	`164`	`}`