Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Version 1.07 breaks templating with HTML
See original GitHub issueThis change in Version 1.07
var formatted = this.display(selection, $rendered);
to
var formatted = Utils.entityDecode(this.display(selection, $rendered));
strips any HTML from the rendered selected item.
This stops you from being able to use html for styling of the selected item, via templating as per the documentation for select2: https://select2.org/selections.
For this reason I have had to dequeue selectWoo in Wordpress and load select2 itself.
Sorry for lack of example - but it is self-evident.
How big a security issue is the un-escaped HTML?
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:5
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
The issue is still causing problems today.
Hello @fabianmarz,
Thanks for the feedback!
I don’t modify the core files since I simply disable the script enqueue to let ACF use the correct select2 JS library instead, as explained in my comment.
I posted the JS code here to explain where the problem come from, so anyone can test the fix with dist files. I already ran multiple version compare on this library and I don’t have the time dig further to point you the exact location of those lines in the source.
So I will let core developers decide if this fix is correct or not. I’m sure they know better where those lines are in source files anyway.
Thanks for the thumbs down!
Have a nice day.
Regards.