--- semantic-2.2.13.js 2017-08-07 18:18:56.000000000 +0200
+++ src/main/webapp/static/vendor/semantic/semantic.js 2017-09-05 17:27:14.484722700 +0200
@@ -4564,11 +4564,12 @@
;
$.each(values, function(index, value) {
if(module.get.item(value) === false) {
+ var escapedValue = module.escape.value(value);
html = settings.templates.addition( module.add.variables(message.addResult, value) );
$userChoice = $('<div />')
.html(html)
.attr('data-' + metadata.value, value)
- .attr('data-' + metadata.text, value)
+ .attr('data-' + metadata.text, escapedValue)
.addClass(className.addition)
.addClass(className.item)
;
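Review bot: The raw `value` still reaches `.html(html)` in this hunk, because the new `escapedValue` is used only for the `data-` text attribute while `html` is built from `module.add.variables(message.addResult, value)`. Whether `settings.templates.addition` encodes its argument is not visible here; if it does not, markup typed by the user is parsed when the addition item is rendered. Consider `html = settings.templates.addition( module.add.variables(message.addResult, escapedValue) );` and a comment above the new `var`, such as `// user-typed text: HTML-encode before it reaches any .html() sink`. The enclosing function starts and ends outside the hunk.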
@@ -4591,8 +4592,9 @@
if(userValues) {
module.debug('Adding user labels', userValues);
$.each(userValues, function(index, value) {
+ var escapedValue = module.escape.value(value);
module.verbose('Adding custom user value');
- module.add.label(value, value);
+ module.add.label(value, escapedValue);
});
}
},
@@ -6814,7 +6816,7 @@
module.debug('Updating input value', escapedValue, currentValue);
internalChange = true;
$input
- .val(escapedValue)
+ .val(value)
;
if(settings.fireOnInit === false && module.is.initialLoad()) {
module.debug('Input native change event ignored on initial load');
@@ -6939,7 +6941,7 @@
;
$label = $('<a />')
.addClass(className.label)
- .attr('data-' + metadata.value, escapedValue)
+ .attr('data-' + metadata.value, value)
.html(templates.label(escapedValue, text))
;
$label = settings.onLabelCreate.call($label, escapedValue, text);
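Review bot: The label now carries two different forms of the same value: the `data-` value attribute is set from raw `value`, while `templates.label(...)` and `settings.onLabelCreate.call($label, escapedValue, text)` still receive the HTML-encoded `escapedValue`. An `onLabelCreate` handler that compares its first argument with the attribute will stop matching for values containing `&`, `<`, `>` or `"`. If that is intended, document it next to the `.attr(...)` line, for example `// attribute stores the raw value; escapedValue is only for HTML sinks and the callback`. The function body begins outside the hunk, so how `text` is encoded for other callers cannot be confirmed from here.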
@@ -7397,7 +7399,7 @@
escapedValue = module.escape.value(value),
$labels = $module.find(selector.label)
;
- return ($labels.filter('[data-' + metadata.value + '="' + module.escape.string(escapedValue) +'"]').length > 0);
+ return ($labels.filter('[data-' + metadata.value + '="' + module.escape.string(value) +'"]').length > 0);
},
maxSelections: function() {
return (settings.maxSelections && module.get.selectionCount() >= settings.maxSelections);
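Review bot: The attribute selector on the changed `return` line is built by string concatenation and relies on `module.escape.string`, a regular-expression escaper, to make `value` safe inside a quoted CSS string. The last hunk adds `"` to `regExp.escape` for that purpose, but regex escaping and selector escaping follow different grammars, so other characters may still produce a selector that mis-matches or fails to parse. Comparing the attribute directly avoids building a selector from input: `return ($labels.filter(function() { return $(this).attr('data-' + metadata.value) === String(value); }).length > 0);`. The `escapedValue` declared just above also appears to be unused after this change, though the function starts outside the hunk.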
@@ -7775,20 +7777,29 @@
multipleValues = $.isArray(value),
stringValue = (typeof value === 'string'),
isUnparsable = (!stringValue && !multipleValues),
- hasQuotes = (stringValue && value.search(regExp.quote) !== -1),
- values = []
+ badChars = /[&<>"]/g,
+ escape = {
+ "&": "&amp;",
+ "<": "&lt;",
+ ">": "&gt;",
+ '"': "&quot;",
+ },
+ escapedChar = function(chr) {
+ return escape[chr];
+ }
;
- if(isUnparsable || !hasQuotes) {
+
+ if(isUnparsable) {
return value;
}
module.debug('Encoding quote values for use in select', value);
if(multipleValues) {
$.each(value, function(index, value){
- values.push(value.replace(regExp.quote, '&quot;'));
+ values.push(value.replace(badChars, escapedChar));
});
return values;
}
- return value.replace(regExp.quote, '&quot;');
+ return value.replace(badChars, escapedChar);
},
string: function(text) {
text = String(text);
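Review bot: `values` is no longer declared in this function, because the commit removes `values = []` from the `var` list while the array branch still calls `values.push(...)` and returns `values`. Unless an outer `values` exists outside the hunk, escaping an array throws a ReferenceError; if one does exist, results accumulate in shared state across calls. Restore the declaration in the `var` list with `values = [],`. The replacement map also leaves `'` unencoded, which matters only if an escaped value is ever placed in a single-quoted attribute, and the trailing comma after `'"': "&quot;",` is rejected by older browsers. The `var` statement begins above the hunk.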
@@ -8083,7 +8094,7 @@
},
regExp : {
- escape : /[-[\]{}()*+?.,\\^$|#\s]/g,
+ escape : /[-[\]{}()*+?.,"\\^$|#\s]/g,
quote : /"/g
},