Merge pull request #983 from Choices-js/patch-1

Fix Sanitization of > Characters

src/scripts/components/input.test.ts

@@ -315,7 +315,7 @@ describe('components/input', () => {
       const value = '<script>somethingMalicious();</script>';
       instance.element.value = value;
       expect(instance.value).to.equal(
-        '&lt;script&rt;somethingMalicious();&lt;/script&rt;',
+        '&lt;script&gt;somethingMalicious();&lt;/script&gt;',
       );
     });
   });

src/scripts/lib/utils.test.ts

@@ -1,19 +1,20 @@
 /* eslint-disable no-new-wrappers */
 import { expect } from 'chai';
 import { stub } from 'sinon';
+
 import {
-  getRandomNumber,
+  cloneObject,
+  diff,
+  dispatchEvent,
+  existsInArray,
   generateChars,
   generateId,
+  getRandomNumber,
   getType,
   isType,
   sanitise,
   sortByAlpha,
   sortByScore,
-  existsInArray,
-  cloneObject,
-  dispatchEvent,
-  diff,
 } from './utils';
 
 describe('utils', () => {
@@ -113,7 +114,7 @@ describe('utils', () => {
         const value = '<script>somethingMalicious();</script>';
         const output = sanitise(value);
         expect(output).to.equal(
-          '&lt;script&rt;somethingMalicious();&lt;/script&rt;',
+          '&lt;script&gt;somethingMalicious();&lt;/script&gt;',
         );
       });
     });

src/scripts/lib/utils.ts

@@ -93,7 +93,7 @@ export const sanitise = <T>(value: T | string): T | string => {
 
   return value
     .replace(/&/g, '&amp;')
-    .replace(/>/g, '&rt;')
+    .replace(/>/g, '&gt;')
     .replace(/</g, '&lt;')
     .replace(/"/g, '&quot;');
 };