Skip to content

fix: preserve raw option values with secure text#482

Open
oiahoon wants to merge 1 commit into
sa-si-dev:masterfrom
oiahoon:fix/preserve-secure-option-values
Open

fix: preserve raw option values with secure text#482
oiahoon wants to merge 1 commit into
sa-si-dev:masterfrom
oiahoon:fix/preserve-secure-option-values

Conversation

@oiahoon

@oiahoon oiahoon commented Jul 11, 2026

Copy link
Copy Markdown

Issue number: resolves #455


What is the current behavior?

When enableSecureText is enabled, option values are converted to HTML entities while options are prepared. A later dataset update preserves that entity string, so selecting a value such as < writes ["&lt;"] to the hidden form input.

What is the new behavior?

  • keep option values in their original form for selection, API, and form submission
  • escape values only when interpolating them into option HTML attributes
  • preserve secure label rendering and attribute-injection protection
  • cover existing and dynamically added values with Cypress regression tests

Does this introduce a breaking change?

  • Yes
  • No

Other information

  • npm run build
  • npm run validate
  • complete Cypress suite: 237 passing tests across 8 specs
  • npm pack --dry-run
  • browser verification on desktop and 390x844: hidden input contains ["<"], label renders as text, no injected image, no horizontal overflow, and no console errors

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Values become HTML-encoded

1 participant