w2grid markSearch() not properly escaping values when highlighting search results #2490
Comments
Upon further inspection, it seems like the |
I need an example. I cannot replicate it. Can you create JS fiddle? I tried to use |
I made a JS Fiddle here: https://jsfiddle.net/7rja0f53/
Currently in our grid we have emails contained in < and > (e.g. Test User <[email protected]>). We can properly escape them with our own function so it displays properly in the grid without an issue. However, when you perform a search (e.g. search for "test") it seems like in w2utils.js converts any properly escaped values into HTML anyway, which breaks the display and adds an extra malformed <span> tag with some info in it.

It seems like some regex is used to clear the markers/add markers which could probably be changed to building actual DOM elements to avoid any HTML injection as well. For now we've turned highlighting off but it is a nice UI feature that we'd like to use.
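The behaviour reported above, shown beside a highlighter that matches on the raw cell text and escapes every segment on output. This is an added example, not part of the original issue and not w2ui's code; the function names, the `hl` class and the sample address are hypothetical or constructed.

```javascript
// Added example: all names here are hypothetical, not w2ui's API.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Make the user's search term safe to embed in a RegExp.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Failure mode (constructed illustration): the escaped cell is decoded back
// to markup before the marker is added, so the cell's "<...>" becomes a tag.
function highlightUnsafe(escapedCell, term) {
  const decoded = escapedCell
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
  const re = new RegExp(escapeRegExp(term), 'gi');
  return decoded.replace(re, (m) => `<span class="hl">${m}</span>`);
}

// Safer form: search the raw text, escape each piece as it is emitted.
// Entities such as "&lt;" never exist at match time, so a term like "lt"
// cannot split one, and cell content can never close or open a tag.
function highlightSafe(rawCell, term) {
  const raw = String(rawCell);
  if (!term) return escapeHtml(raw);
  const re = new RegExp(escapeRegExp(term), 'gi');
  let out = '';
  let last = 0;
  for (const m of raw.matchAll(re)) {
    out += escapeHtml(raw.slice(last, m.index));
    out += `<span class="hl">${escapeHtml(m[0])}</span>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(raw.slice(last));
}

// Constructed sample value in the shape the issue describes.
const SAMPLE = 'Test User <test@example.com>';
```

In a browser the same split can feed `document.createTextNode` for the unmatched pieces and a `span` element with `textContent` for each match, which is the DOM-building approach the issue suggests.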