diff options
| author | Scott González <scott.gonzalez@gmail.com> | 2010-07-19 15:45:30 -0400 |
|---|---|---|
| committer | Scott González <scott.gonzalez@gmail.com> | 2010-07-19 15:45:30 -0400 |
| commit | 1f2cfb942f8ac5549b1fe3172501e3486415530e (patch) | |
| tree | e675788946bbe39bf323bfcb854a87c74ad1a04f /ui | |
| parent | 7deb873c51ede9fb5e8b23949ccc4dda58650770 (diff) | |
| download | jquery-ui-1f2cfb942f8ac5549b1fe3172501e3486415530e.tar.gz jquery-ui-1f2cfb942f8ac5549b1fe3172501e3486415530e.zip | |
Autocomplete: Render items as text, not HTML. Fixes #5275 - suggestions are not html-encoded.
As noted in the ticket, it's probably better to default to unstyled items to prevent problems. Users can still implement their own rendering method as shown in the custom data and display demo.
Diffstat (limited to 'ui')
| -rw-r--r-- | ui/jquery.ui.autocomplete.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ui/jquery.ui.autocomplete.js b/ui/jquery.ui.autocomplete.js index c25a8884f..27bfe941c 100644 --- a/ui/jquery.ui.autocomplete.js +++ b/ui/jquery.ui.autocomplete.js @@ -304,7 +304,7 @@ $.widget( "ui.autocomplete", { _renderItem: function( ul, item) { return $( "<li></li>" ) .data( "item.autocomplete", item ) - .append( "<a>" + item.label + "</a>" ) + .append( $( "<a></a>" ).text( item.label ) ) .appendTo( ul ); }, |