Prevent cross-site scripting(XSS) vulnerabilities.

SECURITY.md

@@ -2,8 +2,7 @@
 
 ## Reporting a Vulnerability
 
-Please share privately the details of your security vulnerability by email to:
-[Contact Info](support@notrinos.com)  
+Please share privately the details of your security vulnerability by email to: support@notrinos.com  
 Or open an issue at [our forum](https://forums.notrinos.com/t/bugs-problems)
 
 Make sure to include as much information as possible, with the detailed steps to reproduce the problem,

libraries/select.js

@@ -15,9 +15,10 @@ var loadSelect2 = {
 		if((e.hasAttribute('multiple') === false) && $(e).hasClass('nosearch') === false) {
 			$(e).select2({
 				dropdownAutoWidth : true,
-				// break a select option item into multi lines
 				templateResult: function(item) {
-					var selectionText = item.text.split('\n');
+					// replace(/</g, '&lt;') : prevent the code in the option’s value from being executed by the browser.
+					// split('\n') : break a select option item into multi lines
+					var selectionText = item.text.replace(/</g, '&lt;').split('\n');
 					var returnString = $('<span></span>');
 					$.each(selectionText, function(index, value){
 						line = value === undefined ? '' : value;