authorScott González <scott.gonzalez@gmail.com>2012-11-27 10:52:19 -0500
committerScott González <scott.gonzalez@gmail.com>2012-11-27 10:52:40 -0500
commit5fee6fd5000072ff32f2d65b6451f39af9e0e39e (patch)
treea3fcc53b9686400d5a05163304f5878a235d4fe3 /demos/autocomplete
parentc4b7c754eedf10923f588cf6310f610fcd0c37a9 (diff)
Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autocomplete: XSS in combobox demo.
Diffstat (limited to 'demos/autocomplete')
-rw-r--r--demos/autocomplete/combobox.html2
1 files changed, 1 insertions, 1 deletions
diff --git a/demos/autocomplete/combobox.html b/demos/autocomplete/combobox.html
index 6229d47b2..8c6f59fc1 100644
--- a/demos/autocomplete/combobox.html
+++ b/demos/autocomplete/combobox.html
@@ -61,7 +61,7 @@
// remove invalid value, as it didn't match anything
$( element )
.val( "" )
- .attr( "title", value + " didn't match any item" )
+ .attr( "title", $( "<a>" ).text( value ).html() + " didn't match any item" )
.tooltip( "open" );
select.val( "" );
setTimeout(function() {
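Review bot: The encoding on the added `.attr( "title", ... )` line is only correct if the tooltip widget inserts the title as HTML, and nothing in the hunk states that dependency. I would add a comment above it such as `// tooltip renders the title as markup, so HTML-encode the user-typed value first`. Two caveats are worth recording with it: `$( "<a>" ).text( value ).html()` escapes `<`, `>` and `&` but not quotes, so it suits element content only and should not be copied into code that concatenates attribute strings. The title now holds entities, so a native browser tooltip, or a tooltip widget that escapes titles itself, would presumably display `&lt;` literally. The enclosing function starts and ends outside the hunk.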