Bug Tracker

Ticket #2844 (new bug)

Opened 7 months ago

Last modified 7 months ago

Autocomplete plugin uses innerHTML and causes troubles on XHTML pages

Reported by: Messere Assigned to: joern
Type: bug Priority: major
Milestone: Component: plugin
Version: Keywords: autocomplete xhtml innerHTML createTextNode
Cc: Needs: Review

Description

In dataToDom and findValueCallback methods innerHTML properity is used to fill list elements with results. While this is tolerable for HTML4 formatted pages it breaks plugin in XHTML environment.

Consider server side script returning results that contain ampersand ("A&M" for example). If you return it without modification it'll create the following invalid DOM: 

<ul>
<li>A&M</li>
</ul>

(that happens because innerHTML does not properly escape passed value and does not convert & to entity &amp;).

If you return "A&amp;M" from server side script it'll create valid DOM, but will put invalid value in select element ("A&amp;M" instead of "A&M"), so this is not a good solution.

The right thing to do to use document.createTextNode() method instead of innerHTML: 

var li = document.createElement("li");
var tn = document.createTextNode(row[0]);
li.appendChild(tn);

Attachments

Change History

Changed 7 months ago by flesler

  • owner set to joern
Note: See TracTickets for help on using tickets.