deac/chosen
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update jQuery version for escaping

Browse source
This commit is contained in:
Matthew Beale 2011-07-27 12:24:30 -04:00
parent 2013c524ca
commit aed8ba82bd
3 changed files with 23 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
chosen/chosen.jquery.js
View file

@ -256,7 +256,7 @@
if (option.group_array_index != null) { if (option.group_array_index != null) {
classes.push("group-option"); classes.push("group-option");
} }
return '<li id="' + option.dom_id + '" class="' + classes.join(' ') + '">' + $("<div />").text(option.text).html() + '</li>'; return '<li id="' + option.dom_id + '" class="' + classes.join(' ') + '">' + option.html + '</li>';
} else { } else {
return ""; return "";
} }
@ -377,7 +377,7 @@
var choice_id, link; var choice_id, link;
choice_id = this.container_id + "_c_" + item.array_index; choice_id = this.container_id + "_c_" + item.array_index;
this.choices += 1; this.choices += 1;
this.search_container.before('<li class="search-choice" id="' + choice_id + '"><span>' + item.text + '</span><a href="javascript:void(0)" class="search-choice-close" rel="' + item.array_index + '"></a></li>'); this.search_container.before('<li class="search-choice" id="' + choice_id + '"><span>' + item.html + '</span><a href="javascript:void(0)" class="search-choice-close" rel="' + item.array_index + '"></a></li>');
link = $('#' + choice_id).find("a").first(); link = $('#' + choice_id).find("a").first();
return link.click(__bind(function(evt) { return link.click(__bind(function(evt) {
return this.choice_destroy_link_click(evt); return this.choice_destroy_link_click(evt);
@ -454,7 +454,7 @@
startTime = new Date(); startTime = new Date();
this.no_results_clear(); this.no_results_clear();
results = 0; results = 0;
searchText = this.search_field.val() === this.default_text ? "" : $.trim(this.search_field.val()); searchText = this.search_field.val() === this.default_text ? "" : $('<div/>').text($.trim(this.search_field.val())).html();
regex = new RegExp('^' + searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i'); regex = new RegExp('^' + searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i');
zregex = new RegExp(searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i'); zregex = new RegExp(searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i');
_ref = this.results_data; _ref = this.results_data;
@ -466,11 +466,11 @@
} else if (!(this.is_multiple && option.selected)) { } else if (!(this.is_multiple && option.selected)) {
found = false; found = false;
result_id = option.dom_id; result_id = option.dom_id;
if (regex.test(option.text)) { if (regex.test(option.html)) {
found = true; found = true;
results += 1; results += 1;
} else if (option.text.indexOf(" ") >= 0 || option.text.indexOf("[") === 0) { } else if (option.html.indexOf(" ") >= 0 || option.html.indexOf("[") === 0) {
parts = option.text.replace(/\[|\]/g, "").split(" "); parts = option.html.replace(/\[|\]/g, "").split(" ");
if (parts.length) { if (parts.length) {
for (_j = 0, _len2 = parts.length; _j < _len2; _j++) { for (_j = 0, _len2 = parts.length; _j < _len2; _j++) {
part = parts[_j]; part = parts[_j];
@ -483,11 +483,11 @@
} }
if (found) { if (found) {
if (searchText.length) { if (searchText.length) {
startpos = option.text.search(zregex); startpos = option.html.search(zregex);
text = option.text.substr(0, startpos + searchText.length) + '</em>' + option.text.substr(startpos + searchText.length); text = option.html.substr(0, startpos + searchText.length) + '</em>' + option.html.substr(startpos + searchText.length);
text = text.substr(0, startpos) + '<em>' + text.substr(startpos); text = text.substr(0, startpos) + '<em>' + text.substr(startpos);
} else { } else {
text = option.text; text = option.html;
} }
if ($("#" + result_id).html !== text) { if ($("#" + result_id).html !== text) {
$("#" + result_id).html(text); $("#" + result_id).html(text);
@ -535,7 +535,7 @@
Chosen.prototype.no_results = function(terms) { Chosen.prototype.no_results = function(terms) {
var no_results_html; var no_results_html;
no_results_html = $('<li class="no-results">No results match "<span></span>"</li>'); no_results_html = $('<li class="no-results">No results match "<span></span>"</li>');
no_results_html.find("span").first().text(terms); no_results_html.find("span").first().html(terms);
return this.search_results.append(no_results_html); return this.search_results.append(no_results_html);
}; };
Chosen.prototype.no_results_clear = function() { Chosen.prototype.no_results_clear = function() {
@ -746,6 +746,7 @@
options_index: this.options_index, options_index: this.options_index,
value: option.value, value: option.value,
text: option.text, text: option.text,
html: option.innerHTML,
selected: option.selected, selected: option.selected,
disabled: group_disabled === true ? group_disabled : option.disabled, disabled: group_disabled === true ? group_disabled : option.disabled,
group_array_index: group_position group_array_index: group_position

21
coffee/chosen.jquery.coffee
View file

@ -220,7 +220,7 @@ class Chosen
classes.push "result-selected" if option.selected classes.push "result-selected" if option.selected
classes.push "group-option" if option.group_array_index? classes.push "group-option" if option.group_array_index?
'<li id="' + option.dom_id + '" class="' + classes.join(' ') + '">' + $("<div />").text(option.text).html() + '</li>' '<li id="' + option.dom_id + '" class="' + classes.join(' ') + '">' + option.html + '</li>'
else else
"" ""
@ -321,7 +321,7 @@ class Chosen
choice_build: (item) -> choice_build: (item) ->
choice_id = @container_id + "_c_" + item.array_index choice_id = @container_id + "_c_" + item.array_index
@choices += 1 @choices += 1
@search_container.before '<li class="search-choice" id="' + choice_id + '"><span>' + item.text + '</span><a href="javascript:void(0)" class="search-choice-close" rel="' + item.array_index + '"></a></li>' @search_container.before '<li class="search-choice" id="' + choice_id + '"><span>' + item.html + '</span><a href="javascript:void(0)" class="search-choice-close" rel="' + item.array_index + '"></a></li>'
link = $('#' + choice_id).find("a").first() link = $('#' + choice_id).find("a").first()
link.click (evt) => this.choice_destroy_link_click(evt) link.click (evt) => this.choice_destroy_link_click(evt)
@ -402,7 +402,7 @@ class Chosen
results = 0 results = 0
searchText = if @search_field.val() is @default_text then "" else $.trim @search_field.val() searchText = if @search_field.val() is @default_text then "" else $('<div/>').text($.trim(@search_field.val())).html()
regex = new RegExp('^' + searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i') regex = new RegExp('^' + searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i')
zregex = new RegExp(searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i') zregex = new RegExp(searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i')
@ -414,12 +414,12 @@ class Chosen
found = false found = false
result_id = option.dom_id result_id = option.dom_id
if regex.test option.text if regex.test option.html
found = true found = true
results += 1 results += 1
else if option.text.indexOf(" ") >= 0 or option.text.indexOf("[") == 0 else if option.html.indexOf(" ") >= 0 or option.html.indexOf("[") == 0
#TODO: replace this substitution of /\[\]/ with a list of characters to skip. #TODO: replace this substitution of /\[\]/ with a list of characters to skip.
parts = option.text.replace(/\[|\]/g, "").split(" ") parts = option.html.replace(/\[|\]/g, "").split(" ")
if parts.length if parts.length
for part in parts for part in parts
if regex.test part if regex.test part
@ -428,11 +428,11 @@ class Chosen
if found if found
if searchText.length if searchText.length
startpos = option.text.search zregex startpos = option.html.search zregex
text = option.text.substr(0, startpos + searchText.length) + '</em>' + option.text.substr(startpos + searchText.length) text = option.html.substr(0, startpos + searchText.length) + '</em>' + option.html.substr(startpos + searchText.length)
text = text.substr(0, startpos) + '<em>' + text.substr(startpos) text = text.substr(0, startpos) + '<em>' + text.substr(startpos)
else else
text = option.text text = option.html
$("#" + result_id).html text if $("#" + result_id).html != text $("#" + result_id).html text if $("#" + result_id).html != text
@ -467,7 +467,7 @@ class Chosen
no_results: (terms) -> no_results: (terms) ->
no_results_html = $('<li class="no-results">No results match "<span></span>"</li>') no_results_html = $('<li class="no-results">No results match "<span></span>"</li>')
no_results_html.find("span").first().text(terms) no_results_html.find("span").first().html(terms)
@search_results.append no_results_html @search_results.append no_results_html
@ -632,6 +632,7 @@ class SelectParser
options_index: @options_index options_index: @options_index
value: option.value value: option.value
text: option.text text: option.text
html: option.innerHTML
selected: option.selected selected: option.selected
disabled: if group_disabled is true then group_disabled else option.disabled disabled: if group_disabled is true then group_disabled else option.disabled
group_array_index: group_position group_array_index: group_position

1
example.jquery.html
View file

@ -809,6 +809,7 @@
<em>Into This</em> <em>Into This</em>
<select title="Choose a Country..." class="chzn-select" multiple style="width:350px;" tabindex="4"> <select title="Choose a Country..." class="chzn-select" multiple style="width:350px;" tabindex="4">
<option value=""></option> <option value=""></option>
<option value="hacked">Hackaroo &lt;script&gt;alert('hack');&lt;/script&gt;</option>
<option value="United States">United States</option> <option value="United States">United States</option>
<option value="United Kingdom">United Kingdom</option> <option value="United Kingdom">United Kingdom</option>
<option value="Afghanistan">Afghanistan</option> <option value="Afghanistan">Afghanistan</option>