fix(dropdown): sanitize initial values to prevent xss on firefox & ie

fomantic · Aug 23, 2019 · f7c24ac · f7c24ac
1 parent e5468c7
commit f7c24ac
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/definitions/modules/dropdown.js b/src/definitions/modules/dropdown.js
@@ -1865,7 +1865,7 @@ $.fn.dropdown = function(parameters) {
             }
             return ( !module.has.selectInput() && module.is.multiple() )
               ? (typeof value == 'string') // delimited string
-                ? value.split(settings.delimiter)
+                ? module.escape.htmlEntities(value).split(settings.delimiter)
                 : ''
               : value
             ;