escape default text (#2712)

* add data-placeholder specs * escape default text fixes #2314
harvesthq · Oct 11, 2016 · ec1a1fd · ec1a1fd
1 parent 36c0617
commit ec1a1fd
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 2 deletions.
diff --git a/coffee/chosen.jquery.coffee b/coffee/chosen.jquery.coffee
@@ -406,7 +406,10 @@ class Chosen extends AbstractChosen
     @search_field.val()
 
   get_search_text: ->
-    $('<div/>').text($.trim(this.get_search_field_value())).html()
+    this.escape_html $.trim(this.get_search_field_value())
+
+  escape_html: (text) ->
+    $('<div/>').text(text).html()
 
   winnow_results_set_highlight: ->
     selected_results = if not @is_multiple then @search_results.find(".result-selected.active-result") else []

diff --git a/coffee/chosen.proto.coffee b/coffee/chosen.proto.coffee
@@ -396,7 +396,10 @@ class @Chosen extends AbstractChosen
     @search_field.value
 
   get_search_text: ->
-    this.get_search_field_value().strip().escapeHTML()
+    this.escape_html this.get_search_field_value().strip()
+
+  escape_html: (text) ->
+    text.escapeHTML()
 
   winnow_results_set_highlight: ->
     if not @is_multiple

diff --git a/coffee/lib/abstract-chosen.coffee b/coffee/lib/abstract-chosen.coffee
@@ -45,6 +45,8 @@ class AbstractChosen
     else
       @default_text = @options.placeholder_text_single || @options.placeholder_text || AbstractChosen.default_single_text
 
+    @default_text = this.escape_html(@default_text)
+
     @results_none_found = @form_field.getAttribute("data-no_results_text") || @options.no_results_text || AbstractChosen.default_no_result_text
 
   choice_label: (item) ->

diff --git a/spec/jquery/basic.spec.coffee b/spec/jquery/basic.spec.coffee
@@ -31,3 +31,36 @@ describe "Basic setup", ->
 
     expect(select.val()).toBe "Afghanistan"
 
+  describe "data-placeholder", ->
+
+    it "should render", ->
+      tmpl = "
+        <select data-placeholder='Choose a Country...'>
+          <option value=''></option>
+          <option value='United States'>United States</option>
+          <option value='United Kingdom'>United Kingdom</option>
+          <option value='Afghanistan'>Afghanistan</option>
+        </select>
+      "
+      div = $("<div>").html(tmpl)
+      select = div.find("select")
+      expect(select.size()).toBe(1)
+      select.chosen()
+      placeholder = div.find(".chosen-single > span")
+      expect(placeholder.text()).toBe("Choose a Country...")
+
+    it "should render with special characters", ->
+      tmpl = "
+        <select data-placeholder='&lt;None&gt;'>
+          <option value=''></option>
+          <option value='United States'>United States</option>
+          <option value='United Kingdom'>United Kingdom</option>
+          <option value='Afghanistan'>Afghanistan</option>
+        </select>
+      "
+      div = $("<div>").html(tmpl)
+      select = div.find("select")
+      expect(select.size()).toBe(1)
+      select.chosen()
+      placeholder = div.find(".chosen-single > span")
+      expect(placeholder.text()).toBe("<None>")
diff --git a/spec/proto/basic.spec.coffee b/spec/proto/basic.spec.coffee
@@ -35,3 +35,43 @@ describe "Basic setup", ->
 
     expect($F(select)).toBe "Afghanistan"
     div.remove()
+
+  describe "data-placeholder", ->
+
+    it "should render", ->
+      tmpl = "
+        <select data-placeholder='Choose a Country...'>
+          <option value=''></option>
+          <option value='United States'>United States</option>
+          <option value='United Kingdom'>United Kingdom</option>
+          <option value='Afghanistan'>Afghanistan</option>
+        </select>
+      "
+      div = new Element("div")
+      document.body.insert(div)
+      div.update(tmpl)
+      select = div.down("select")
+      expect(select).toBeDefined()
+      new Chosen(select)
+
+      placeholder = div.down(".chosen-single > span")
+      expect(placeholder.innerText).toBe("Choose a Country...")
+
+    it "should render with special characters", ->
+      tmpl = "
+        <select data-placeholder='&lt;None&gt;'>
+          <option value=''></option>
+          <option value='United States'>United States</option>
+          <option value='United Kingdom'>United Kingdom</option>
+          <option value='Afghanistan'>Afghanistan</option>
+        </select>
+      "
+      div = new Element("div")
+      document.body.insert(div)
+      div.update(tmpl)
+      select = div.down("select")
+      expect(select).toBeDefined()
+      new Chosen(select)
+
+      placeholder = div.down(".chosen-single > span")
+      expect(placeholder.innerText).toBe("<None>")