Side navigation
#6780 closed bug (invalid)
Opened July 09, 2010 04:32AM UTC
Closed July 11, 2010 06:07PM UTC
Last modified April 17, 2014 06:34PM UTC
HTML/character entities not handled
| Reported by: | kbwood | Owned by: | |
|---|---|---|---|
| Priority: | Milestone: | 1.4.3 | |
| Component: | attributes | Version: | 1.4.2 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
The attr and val functions don't handle/convert HTML and character entities. For example:
$('#input').attr({title: 'søntag'}).val('søntag');
shows this exact text instead of resolving ø to ø.
Attachments (0)
Change History (3)
Changed July 11, 2010 06:07PM UTC by comment:1
| component: | unfiled → attributes |
|---|---|
| resolution: | → invalid |
| status: | new → closed |
Changed April 01, 2011 01:36AM UTC by comment:2
Instead of using HTML entities, use unicode. For example, instead of this:
$('input').val('Click here »');
Do this:
$('input').val('Click here \\u00BB');
Changed April 17, 2014 06:34PM UTC by comment:3
Please note that in the example or translating entities to text, using a div can be dangerous if decoding any sort of unsafe data (like user input), due to the possibility of XSS injection. It is generally safer (although not 100%) to use a textarea for this instead
$('<textarea />').html('søntag').text();
Replying to [comment:1 dmethvin]:
This seems compatible with the behavior of the underlying DOM apis, so I don't think it's a bug:> $('input')[0].value = 'søntag'; > $('input')[0].setAttribute('title', 'søntag'); >If you need to translate HTML entities to text, it's easy enough:> var text = $('<div />').html('søntag').text(); >
This seems compatible with the behavior of the underlying DOM apis, so I don't think it's a bug:
$('input')[0].value = 'søntag'; $('input')[0].setAttribute('title', 'søntag');If you need to translate HTML entities to text, it's easy enough:
var text = $('<div />').html('søntag').text();