e835ddc5b800c47f7e9e32a91cc522f8ca7ced5c Fix: If an array was passed to the HTML escape entities function it would not have its contents escaped

AllanJard · AllanJard · commit 59a8d3f8a3c1 · 2021-09-21T11:40:51.000+01:00
Many thanks to Alessio Della Libera of Snyk for finding and reporting this.

Sync to source repo @e835ddc5b800c47f7e9e32a91cc522f8ca7ced5c
diff --git a/datatables.json b/datatables.json
@@ -9,5 +9,5 @@
     ],
     "src-repo": "http://github.com/DataTables/DataTablesSrc",
     "last-tag": "1.11.2",
-    "last-sync": "ea607c6e51e76d13efc341b5d41f5082a33b56e0"
+    "last-sync": "e835ddc5b800c47f7e9e32a91cc522f8ca7ced5c"
 }
diff --git a/js/jquery.dataTables.js b/js/jquery.dataTables.js
@@ -15064,6 +15064,10 @@
 	 */
 	
 	var __htmlEscapeEntities = function ( d ) {
+		if (Array.isArray(d)) {
+			d = d.join(',');
+		}
+	
 		return typeof d === 'string' ?
 			d
 				.replace(/&/g, '&amp;')
diff --git a/js/jquery.dataTables.min.js b/js/jquery.dataTables.min.js

Original file line number	Diff line number	Diff line change
`@@ -9,5 +9,5 @@`
`9`	`9`	`],`
`10`	`10`	`"src-repo": "http://github.com/DataTables/DataTablesSrc",`
`11`	`11`	`"last-tag": "1.11.2",`
`12`		`- "last-sync": "ea607c6e51e76d13efc341b5d41f5082a33b56e0"`
	`12`	`+ "last-sync": "e835ddc5b800c47f7e9e32a91cc522f8ca7ced5c"`
`13`	`13`	`}`