
w2grid markSearch() not properly escaping values when highlighting search results #2490

Open
ryanjbudhu opened this issue Feb 8, 2024 · 4 comments

Comments

@ryanjbudhu

Currently in our grid we have emails contained in < and > (e.g. Test User <[email protected]>). We can properly escape them with our own function so it displays properly in the grid without an issue. However, when you perform a search (e.g. search for "test"), it seems like w2utils.js converts any properly escaped values into HTML anyway, which breaks the display and adds an extra malformed <span> tag with some info in it.

It seems like some regex is used to clear the markers/add markers which could probably be changed to building actual DOM elements to avoid any HTML injection as well. For now we've turned highlighting off but it is a nice UI feature that we'd like to use.
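The following is an added example, not w2ui's code, of a marker routine that never reinterprets a cell value as HTML: the raw value is split on the term, every piece is entity-escaped, and only then are the matched pieces wrapped. The `mark` class and the sample e-mail are assumptions.

```javascript
// Added example (not w2ui's own markSearch): highlight a search term inside a
// cell value without letting the value's own < and > be parsed as markup.
// Class name "mark" is an assumption, not w2ui's real marker class.

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Escape regex metacharacters so a term like "." or "(" is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Returns HTML-safe markup for `value` with case-insensitive matches of `term`
// wrapped in a span. Escaping happens AFTER splitting, so neither the value nor
// the term can inject tags, and the output is valid HTML for the cell.
function markSearchSafe(value, term) {
  const raw = String(value);
  if (!term) return escapeHtml(raw);
  const re = new RegExp(`(${escapeRegExp(term)})`, 'i');
  // With a capturing group, split() keeps the matched text at odd indices.
  return raw.split(re).map((piece, i) =>
    i % 2 === 1 ? `<span class="mark">${escapeHtml(piece)}</span>` : escapeHtml(piece)
  ).join('');
}

// For a title="" attribute (the hover text) no marker span belongs in the value at
// all: the attribute gets the escaped raw text only.
function titleAttrSafe(value) {
  return escapeHtml(value);
}

// Constructed sample cell value in the shape described in the issue.
const SAMPLE = 'Test User <jane.doe@example.com>';

console.log(markSearchSafe(SAMPLE, 'doe'));
// → Test User &lt;jane.<span class="mark">doe</span>@example.com&gt;
```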

@ryanjbudhu
Author

Upon further inspection, it seems like the recordTitles property of w2grid actually affects this. Having that option on for the grid will result in the broken cell value (and in turn broken title as well).

@vitmalina
Owner

I need an example. I cannot replicate it. Can you create a JS fiddle?

I tried to use &lt; and &gt; and it seems to work. It's unlikely to work with search though

@ryanjbudhu
Author

I made a JS Fiddle here: https://jsfiddle.net/7rja0f53/
Just use the search (with advanced on) to search for "doe" and see that it reformats the email column cell texts to look weird.

@ryanjbudhu
Author

It also messes up the text displaying in the "title" (on hover):
image
