From ae03170984d2628557bcf752f04d51de1543726c Mon Sep 17 00:00:00 2001
From: Rohan Mitchell
Date: Fri, 19 Feb 2016 16:06:19 +1100
Subject: [PATCH] Sanitize input for ofn-select2
---
 .../admin/index_utils/directives/ofn-select2.js.coffee | 4 +++-
 .../javascripts/admin/index_utils/index_utils.js.coffee | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/assets/javascripts/admin/index_utils/directives/ofn-select2.js.coffee b/app/assets/javascripts/admin/index_utils/directives/ofn-select2.js.coffee
index ba7a4b54df..ec454e9216 100644
--- a/app/assets/javascripts/admin/index_utils/directives/ofn-select2.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/directives/ofn-select2.js.coffee
@@ -1,4 +1,4 @@
-angular.module("admin.indexUtils").directive "ofnSelect2", ($timeout, blankOption) ->
+angular.module("admin.indexUtils").directive "ofnSelect2", ($sanitize, $timeout) ->
 require: 'ngModel'
 restrict: 'C'
 scope:
@@ -10,6 +10,8 @@ angular.module("admin.indexUtils").directive "ofnSelect2", ($timeout, blankOptio
 $timeout ->
 scope.text ||= 'name'
 scope.data.unshift(scope.blank) if scope.blank? && typeof scope.blank is "object"
+
+ item.name = $sanitize(item.name) for item in scope.data
 element.select2
 minimumResultsForSearch: scope.minSearch || 0
 data: { results: scope.data, text: scope.text }
diff --git a/app/assets/javascripts/admin/index_utils/index_utils.js.coffee b/app/assets/javascripts/admin/index_utils/index_utils.js.coffee
index adcd68e3c5..5e5b5cadf2 100644
--- a/app/assets/javascripts/admin/index_utils/index_utils.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/index_utils.js.coffee
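Review bot: The loop added inside the `$timeout` callback of ofn-select2.js.coffee sanitizes only `item.name`, yet the line above defaults `scope.text` to `'name'` and select2 is given `text: scope.text`, so any use of the directive with a different text key still renders unsanitized values. Keying the loop on the configured field closes that gap: `item[scope.text] = $sanitize(item[scope.text]) for item in scope.data`. The loop also rewrites the bound `scope.data` objects in place, so the entity-encoded form (for example `&` becoming `&amp;`) replaces the original wherever those objects are shared; sanitizing a copy handed to select2 would keep the model intact. It runs once, so items added to `scope.data` later would presumably bypass it unless code outside this hunk re-runs it. The directive body starts and ends outside the hunk.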
@@ -1 +1 @@
-angular.module("admin.indexUtils", ['ngResource', 'templates']).config ($httpProvider) -> $httpProvider.defaults.headers.common["X-CSRF-Token"] = $("meta[name=csrf-token]").attr("content"); $httpProvider.defaults.headers.common["Accept"] = "application/json, text/javascript, */*";
\ No newline at end of file
+angular.module("admin.indexUtils", ['ngResource', 'ngSanitize', 'templates']).config ($httpProvider) -> $httpProvider.defaults.headers.common["X-CSRF-Token"] = $("meta[name=csrf-token]").attr("content"); $httpProvider.defaults.headers.common["Accept"] = "application/json, text/javascript, */*";
\ No newline at end of file
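Review bot: Adding `'ngSanitize'` to the dependency list makes the whole `admin.indexUtils` module fail to instantiate if angular-sanitize is not loaded before it, and the diffstat shows no manifest or bundle change in this commit. If the script is already pulled in elsewhere that is fine, but it is worth confirming and noting where. A short comment above the module definition such as `# ngSanitize: required by ofnSelect2 to sanitize option labels` would record why the dependency exists.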