
Find a way to safely match on options.text #1150

@pfiller

When Chosen was built, searches matched on options.text, not on options.html. This created a possible XSS issue that needed to be addressed. You can read the thread for all the details, but the path chosen at the time was to match on options.html.

It is clear at this point that demand exists for matching on options.text (#581, #1119, #927, #905, #807) that we should find a way to do this safely (perhaps adding it as a configurable "use at your own risk" option).

Any PR that closes this issue must demonstrate clearly that it can fix the issues discovered in #73.
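
One way to match on an option's plain text and still emit safe markup, as an added example that is not Chosen's code and not part of the original issue: the match runs on the decoded text, and each slice is HTML-escaped separately before the highlight tag is added. The helper names (`escapeHtml`, `escapeRegex`, `highlightMatch`), the `<em>` wrapper and the sample strings are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from the Chosen code base.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escape regex metacharacters so the user's search term is matched literally.
function escapeRegex(term) {
  return term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// optionText is the decoded text of an <option> (what option.text returns in
// a browser). Returns highlighted HTML, or null when the term does not match.
function highlightMatch(optionText, searchTerm) {
  if (!searchTerm) return escapeHtml(optionText);
  const match = new RegExp(escapeRegex(searchTerm), "i").exec(optionText);
  if (!match) return null;
  const start = match.index;
  const end = start + match[0].length;
  // Escape each slice on its own so the only raw markup in the result is
  // the <em> wrapper added here, never anything from the option itself.
  return (
    escapeHtml(optionText.slice(0, start)) +
    "<em>" + escapeHtml(optionText.slice(start, end)) + "</em>" +
    escapeHtml(optionText.slice(end))
  );
}

// Constructed sample options, shown as decoded text.
const sampleOptions = ["Tom & Jerry", "<b>Acme</b> & Sons", "a < b"];
for (const text of sampleOptions) {
  console.log(JSON.stringify(text), "->", highlightMatch(text, "a"));
}
```

Because the search runs on the text, a term such as `amp` no longer matches the entity inside `&amp;`, and the returned string can be assigned to `innerHTML` without the option's own characters being parsed as markup.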
