From: Scott González
Date: Tue, 27 Nov 2012 15:52:19 +0000 (-0500)
Subject: Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autoco...
X-Git-Tag: 1.10.0-beta.1~75
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=5fee6fd5000072ff32f2d65b6451f39af9e0e39e;p=jquery-ui.git
Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autocomplete: XSS in combobox demo.
---
diff --git a/demos/autocomplete/combobox.html b/demos/autocomplete/combobox.html
index 6229d47b2..8c6f59fc1 100644
--- a/demos/autocomplete/combobox.html
+++ b/demos/autocomplete/combobox.html
@@ -61,7 +61,7 @@
 // remove invalid value, as it didn't match anything
 $( element )
 .val( "" )
- .attr( "title", value + " didn't match any item" )
+ .attr( "title", $( "" ).text( value ).html() + " didn't match any item" )
 .tooltip( "open" );
 select.val( "" );
 setTimeout(function() {
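Review bot: The new `.attr( "title", … )` line encodes `value` without a comment saying why, and the `.text( value ).html()` round trip reads like a no-op to anyone who does not know the tooltip apparently renders the title as markup (the commit message calls this an XSS fix), so a later cleanup could revert it. I would add `// value is user input and the tooltip renders the title as HTML, so encode it before use` directly above the `.attr` call. As shown on this page the wrapper is `$( "" )`, which yields an empty set whose `.html()` returns undefined; the element literal was presumably stripped when the page was rendered, so confirm against the repository that the committed line builds a detached element. The encoding is applied at this one call site only, so any other place that copies user input into a `title` before opening a tooltip would need the same treatment, and it is worth checking separately whether the widget should treat title text as plain text. The enclosing function starts and ends outside the hunk.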