bugfix: escape html special chars in <td> (issue handsontable#19, tha…

…nks @kimwz)
maheshbabu · Jun 15, 2012 · 6c198ca · 6c198ca
1 parent db7a0fb
commit 6c198ca
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/jquery.handsontable.js b/jquery.handsontable.js
@@ -1740,7 +1740,7 @@
         default:
           value = '';
       }
-      td.innerHTML = value.replace(/\n/g, '<br/>');
+      td.innerHTML = value.replace(/\n/g, '<br/>').replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;"); //escape html special chars
       datamap.set(row, col, value);
       grid.updateLegend({row: row, col: col});
       return td;