#6639 closed enhancement (worksforme)

Opened November 09, 2010 01:57PM UTC

Closed November 09, 2010 02:08PM UTC

Last modified October 11, 2012 09:15PM UTC

ui.autocomplete does not encode params prior to getJSON call

Reported by:	paul.morgan	Owned by:
Priority:	minor	Milestone:
Component:	ui.autocomplete	Version:	1.8.6
Keywords:	autocomplete encode encodeURIComponent getJSON XHR	Cc:
Blocked by:		Blocking:

The Autocomplete plugin does not encode user input "out of the box" when using a remote data source - it just pipes it straight into a getJSON call.

As you can imagine, depending on the data sent, you may or may not get away with this.

This can be sorted out by including:

var prop;
for(prop in request) {
   request[prop] = encodeURIComponent(request[prop]);
}

...prior to the getJSON() call on line 248.

Please find attached a copy of the unminified autocomplete source with this added.

Note the new lines of code on 237, 249-251.

Attachments (1)

jquery.ui.autocomplete_withEncodeURIComponent.js (15.6 KB) - added by paul.morgan November 09, 2010 01:58PM UTC.

Version of ui.autocomplete 1.8.6 which uses encodeURIComponent() when using a remote data source

Change History (2)

resolution:	→ worksforme
status:	new → closed

$.getJSON delegates to $.get, which delegates to $.ajax, which uses $.param to serialize the data, which eventually uses encodeURIComponent.

If there's some way to send data without hitting encodeURIComponent, please provide a testcase.

milestone:	TBD

Milestone TBD deleted