diff --git a/chosen/chosen.proto.js b/chosen/chosen.proto.js
index 309e9d4..54426e2 100644
--- a/chosen/chosen.proto.js
+++ b/chosen/chosen.proto.js
@@ -216,7 +216,7 @@
if (data.selected && this.is_multiple) {
this.choice_build(data);
} else if (data.selected && !this.is_multiple) {
- this.selected_item.down("span").update(data.text);
+ this.selected_item.down("span").update(data.html);
}
}
}
@@ -244,7 +244,7 @@
if (option.group_array_index != null) {
classes.push("group-option");
}
- return '
' + option.text + '';
+ return '' + option.html + '';
} else {
return "";
}
@@ -365,9 +365,9 @@
this.choices += 1;
this.search_container.insert({
before: this.choice_temp.evaluate({
- "id": choice_id,
- "choice": item.text,
- "position": item.array_index
+ id: choice_id,
+ choice: item.html,
+ position: item.array_index
})
});
link = $(choice_id).down('a');
@@ -407,7 +407,7 @@
if (this.is_multiple) {
this.choice_build(item);
} else {
- this.selected_item.down("span").update(item.text);
+ this.selected_item.down("span").update(item.html);
}
this.results_hide();
this.search_field.value = "";
@@ -449,7 +449,7 @@
startTime = new Date();
this.no_results_clear();
results = 0;
- searchText = this.search_field.value === this.default_text ? "" : this.search_field.value.strip();
+ searchText = this.search_field.value === this.default_text ? "" : this.search_field.value.strip().escapeHTML();
regex = new RegExp('^' + searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i');
zregex = new RegExp(searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i');
_ref = this.results_data;
@@ -461,11 +461,11 @@
} else if (!(this.is_multiple && option.selected)) {
found = false;
result_id = option.dom_id;
- if (regex.test(option.text)) {
+ if (regex.test(option.html)) {
found = true;
results += 1;
- } else if (option.text.indexOf(" ") >= 0 || option.text.indexOf("[") === 0) {
- parts = option.text.replace(/\[|\]/g, "").split(" ");
+ } else if (option.html.indexOf(" ") >= 0 || option.html.indexOf("[") === 0) {
+ parts = option.html.replace(/\[|\]/g, "").split(" ");
if (parts.length) {
for (_j = 0, _len2 = parts.length; _j < _len2; _j++) {
part = parts[_j];
@@ -478,11 +478,11 @@
}
if (found) {
if (searchText.length) {
- startpos = option.text.search(zregex);
- text = option.text.substr(0, startpos + searchText.length) + '' + option.text.substr(startpos + searchText.length);
+ startpos = option.html.search(zregex);
+ text = option.html.substr(0, startpos + searchText.length) + '' + option.html.substr(startpos + searchText.length);
text = text.substr(0, startpos) + '' + text.substr(startpos);
} else {
- text = option.text;
+ text = option.html;
}
if ($(result_id).innerHTML !== text) {
$(result_id).update(text);
@@ -528,7 +528,7 @@
};
Chosen.prototype.no_results = function(terms) {
return this.search_results.insert(this.no_results_temp.evaluate({
- "terms": terms.escapeHTML()
+ terms: terms
}));
};
Chosen.prototype.no_results_clear = function() {
@@ -658,7 +658,7 @@
}
div = new Element('div', {
'style': style_block
- }).update(this.search_field.value);
+ }).update(this.search_field.value.unescapeHTML());
document.body.appendChild(div);
w = Element.measure(div, 'width') + 25;
div.remove();
@@ -726,7 +726,7 @@
};
SelectParser.prototype.add_option = function(option, group_position, group_disabled) {
if (option.nodeName === "OPTION") {
- if (option.innerHTML !== "") {
+ if (option.text !== "") {
if (group_position != null) {
this.parsed[group_position].children += 1;
}
@@ -734,7 +734,8 @@
array_index: this.parsed.length,
options_index: this.options_index,
value: option.value,
- text: option.innerHTML,
+ text: option.text,
+ html: option.innerHTML,
selected: option.selected,
disabled: group_disabled === true ? group_disabled : option.disabled,
group_array_index: group_position
diff --git a/coffee/chosen.proto.coffee b/coffee/chosen.proto.coffee
index f484719..60c7487 100644
--- a/coffee/chosen.proto.coffee
+++ b/coffee/chosen.proto.coffee
@@ -189,7 +189,7 @@ class Chosen
if data.selected and @is_multiple
this.choice_build data
else if data.selected and not @is_multiple
- @selected_item.down("span").update( data.text )
+ @selected_item.down("span").update( data.html )
this.show_search_field_default()
this.search_field_scale()
@@ -213,7 +213,7 @@ class Chosen
classes.push "result-selected" if option.selected
classes.push "group-option" if option.group_array_index?
- '' + option.text + ''
+ '' + option.html + ''
else
""
@@ -313,7 +313,11 @@ class Chosen
choice_build: (item) ->
choice_id = @container_id + "_c_" + item.array_index
@choices += 1
- @search_container.insert { before: @choice_temp.evaluate({"id":choice_id, "choice":item.text, "position":item.array_index}) }
+ @search_container.insert
+ before: @choice_temp.evaluate
+ id: choice_id
+ choice: item.html
+ position: item.array_index
link = $(choice_id).down('a')
link.observe "click", (evt) => this.choice_destroy_link_click(evt)
@@ -352,7 +356,7 @@ class Chosen
if @is_multiple
this.choice_build item
else
- @selected_item.down("span").update(item.text)
+ @selected_item.down("span").update(item.html)
this.results_hide()
@search_field.value = ""
@@ -392,7 +396,7 @@ class Chosen
results = 0
- searchText = if @search_field.value is @default_text then "" else @search_field.value.strip()
+ searchText = if @search_field.value is @default_text then "" else @search_field.value.strip().escapeHTML()
regex = new RegExp('^' + searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i')
zregex = new RegExp(searchText.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"), 'i')
@@ -404,12 +408,12 @@ class Chosen
found = false
result_id = option.dom_id
- if regex.test option.text
+ if regex.test option.html
found = true
results += 1
- else if option.text.indexOf(" ") >= 0 or option.text.indexOf("[") == 0
+ else if option.html.indexOf(" ") >= 0 or option.html.indexOf("[") == 0
#TODO: replace this substitution of /\[\]/ with a list of characters to skip.
- parts = option.text.replace(/\[|\]/g, "").split(" ")
+ parts = option.html.replace(/\[|\]/g, "").split(" ")
if parts.length
for part in parts
if regex.test part
@@ -418,11 +422,11 @@ class Chosen
if found
if searchText.length
- startpos = option.text.search zregex
- text = option.text.substr(0, startpos + searchText.length) + '' + option.text.substr(startpos + searchText.length)
+ startpos = option.html.search zregex
+ text = option.html.substr(0, startpos + searchText.length) + '' + option.html.substr(startpos + searchText.length)
text = text.substr(0, startpos) + '' + text.substr(startpos)
else
- text = option.text
+ text = option.html
$(result_id).update text if $(result_id).innerHTML != text
@@ -455,7 +459,7 @@ class Chosen
this.result_do_highlight do_high
no_results: (terms) ->
- @search_results.insert @no_results_temp.evaluate({"terms":terms.escapeHTML()})
+ @search_results.insert @no_results_temp.evaluate( terms: terms )
no_results_clear: ->
nr = null
@@ -551,7 +555,7 @@ class Chosen
for style in styles
style_block += style + ":" + @search_field.getStyle(style) + ";"
- div = new Element('div', { 'style' : style_block }).update(@search_field.value)
+ div = new Element('div', { 'style' : style_block }).update(@search_field.value.unescapeHTML())
document.body.appendChild(div)
w = Element.measure(div, 'width') + 25
@@ -603,14 +607,15 @@ class SelectParser
add_option: (option, group_position, group_disabled) ->
if option.nodeName is "OPTION"
- if option.innerHTML != ""
+ if option.text != ""
if group_position?
@parsed[group_position].children += 1
@parsed.push
array_index: @parsed.length
options_index: @options_index
value: option.value
- text: option.innerHTML
+ text: option.text
+ html: option.innerHTML
selected: option.selected
disabled: if group_disabled is true then group_disabled else option.disabled
group_array_index: group_position