Autocomplete widget escapes provided values #103

tonthon opened this Issue Jul 11, 2012 · 4 comments


When using widget.AutocompleteWidget, the values provided are escaped.
For example, when providing

 [u"John & Son"]

The resulting generated JavaScript is:

$('#' + oid).autocomplete({source: ["John & Son"] ...

In :

- $('#' + oid).autocomplete({source: ${values}});
+ $('#' + oid).autocomplete({source: ${structure:values}});
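
Review bot: on the `+` line, `structure:` switches off the template's escaping for `values`, so whatever string is passed is written verbatim into the inline script. The patch does not show how `values` is serialized; it should be JSON in which `<`, `>` and `&` are emitted as `\u003c`, `\u003e` and `\u0026`, otherwise a value containing markup-significant characters can end the script block early or be parsed as HTML.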

Fix the issue.

@tonthon tonthon referenced this issue in Pylons/deformdemo Sep 20, 2012

Adding test case for deform #103 issue #13

Pylons Project member

Hi, can you provide a patch for deform itself?

Pylons Project member

Note to self: what if someone has a ">" in one of their values?

Pylons Project member

Possibly need CDATA tag.. and.. who fucking knows. I don't.
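
The question raised in the comments above (what happens when a value contains `>`), worked through as an added example that is not part of the original thread or deform's own code. It serializes the values so they can be emitted with `structure:` and stay inert in an inline script; `json_for_inline_script` and `template_escaped` are hypothetical names, `html.escape` stands in for the template's escaping, and the sample values are constructed.

```python
import html
import json

# Characters the HTML parser treats specially inside inline script, plus the
# two line separators that older JavaScript parsers reject in string literals.
# json.dumps already escapes U+2028/U+2029 when ensure_ascii=True (the default);
# they are listed so the function stays safe if that default is changed.
_SCRIPT_ESCAPES = {
    "<": "\\u003c",
    ">": "\\u003e",
    "&": "\\u0026",
    "\u2028": "\\u2028",
    "\u2029": "\\u2029",
}


def json_for_inline_script(values):
    """Serialize values to JSON that contains no HTML-significant characters.

    The \\uXXXX forms are ordinary JSON/JavaScript string escapes, so the
    browser's script engine decodes them back to the original characters.
    """
    text = json.dumps(values)
    for char, escaped in _SCRIPT_ESCAPES.items():
        text = text.replace(char, escaped)
    return text


def template_escaped(values):
    """Model the reported bug: HTML-escaping applied to the JSON text."""
    return html.escape(json.dumps(values), quote=False)


if __name__ == "__main__":
    sample = ["John & Son", "a > b", "</script>"]  # constructed sample values
    print("HTML-escaped (bug):  ", template_escaped(sample))
    print("script-safe JSON:    ", json_for_inline_script(sample))
    # The script-safe form round-trips to the original values.
    print("round trip unchanged:", json.loads(json_for_inline_script(sample)) == sample)
```

Because the output contains no `<`, `>` or `&`, it reads the same whether or not the template escapes it, and no CDATA wrapper is needed.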

@kiorky kiorky closed this in e321bd8 Sep 21, 2012
@kiorky kiorky reopened this Sep 21, 2012

Maybe using bleach to whitelist some HTML tags could be an option.
