Bug Tracker

Opened 9 years ago

Closed 9 years ago

Last modified 5 years ago

#6780 closed bug (invalid)

HTML/character entities not handled

Reported by: kbwood Owned by:
Priority: Milestone: 1.4.3
Component: attributes Version: 1.4.2
Keywords: Cc:
Blocked by: Blocking:

Description

The attr and val functions don't handle/convert HTML and character entities. For example:

$('#input').attr({title: 'søntag'}).val('søntag');

shows this exact text instead of resolving ø to ø.

Change History (3)

comment:1 Changed 9 years ago by dmethvin

Component: unfiledattributes
Resolution: invalid
Status: newclosed

This seems compatible with the behavior of the underlying DOM apis, so I don't think it's a bug:

$('input')[0].value = 'søntag'; 
$('input')[0].setAttribute('title', 'søntag'); 

If you need to translate HTML entities to text, it's easy enough:

var text = $('<div />').html('s&#248;ntag').text();

comment:2 Changed 8 years ago by courtlandallen@…

Instead of using HTML entities, use unicode. For example, instead of this:

$('input').val('Click here &raquo;');

Do this:

$('input').val('Click here \u00BB');

comment:3 in reply to:  1 Changed 5 years ago by anonymous

Please note that in the example or translating entities to text, using a div can be dangerous if decoding any sort of unsafe data (like user input), due to the possibility of XSS injection. It is generally safer (although not 100%) to use a textarea for this instead

$('<textarea />').html('s&#248;ntag').text();

Replying to dmethvin:

This seems compatible with the behavior of the underlying DOM apis, so I don't think it's a bug:

$('input')[0].value = 's&#248;ntag'; 
$('input')[0].setAttribute('title', 's&#248;ntag'); 

If you need to translate HTML entities to text, it's easy enough:

var text = $('<div />').html('s&#248;ntag').text();
Note: See TracTickets for help on using tickets.