From c8aa72039f848b685799ee0a98810d19b65ee179 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Fri, 9 Aug 2013 11:17:30 +0000
Subject: [PATCH] html-encoding is done in etemplate engine

---
 .../inc/class.etemplate_widget_taglist.inc.php     | 14 +++++++-------
 etemplate/js/et2_widget_taglist.js                 |  3 ++-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/etemplate/inc/class.etemplate_widget_taglist.inc.php b/etemplate/inc/class.etemplate_widget_taglist.inc.php
index a148a4ba56..de749628f4 100644
--- a/etemplate/inc/class.etemplate_widget_taglist.inc.php
+++ b/etemplate/inc/class.etemplate_widget_taglist.inc.php
@@ -27,7 +27,7 @@ class etemplate_widget_taglist extends etemplate_widget
 	public function __construct($xml = '')
 	{
 		$this->attrs['allowFreeEntries'] = true;
-		
+
 		if($xml) {
 			parent::__construct($xml);
 		}
@@ -43,17 +43,17 @@ class etemplate_widget_taglist extends etemplate_widget
 		$query = $_REQUEST['query'];
 		$options = array();
 		$links = egw_link::query($app, $query, $options);
-		
+
 		$results = array();
 		foreach($links as $id => $name)
 		{
-			$results[] = array('id'=>$id, 'label' => htmlspecialchars($name));
+			$results[] = array('id' => $id, 'label' => $name);
 		}
 		header('Content-Type: application/json; charset=utf-8');
 		echo json_encode($results);
 		common::egw_exit();
 	}
-	
+
 	/**
 	 * Search for emails
 	 *
@@ -66,11 +66,11 @@ class etemplate_widget_taglist extends etemplate_widget
 			$_REQUEST['app'] = 'addressbook-email';
 			return self::ajax_search();
 		}
-		
+
 		// TODO: this should go to a BO, not a UI object
 		return mail_compose::ajax_searchAddress();
 	}
-	
+
 	/**
 	 * Validate input
 	 *
@@ -88,7 +88,7 @@ class etemplate_widget_taglist extends etemplate_widget
 		{
 			$value = $value_in = self::get_array($content, $form_name);
 			$allowed = etemplate_widget_menupopup::selOptions($form_name);
-			
+
 			foreach((array) $value as $key => $val)
 			{
 				if(!$this->attrs['allowFreeEntries'] && !array_key_exists($val,$allowed))
diff --git a/etemplate/js/et2_widget_taglist.js b/etemplate/js/et2_widget_taglist.js
index ad5eb5e9a4..268cd39209 100644
--- a/etemplate/js/et2_widget_taglist.js
+++ b/etemplate/js/et2_widget_taglist.js
@@ -161,7 +161,8 @@ var et2_taglist = et2_selectbox.extend(
 			editable: !(this.options.disabled || this.options.readonly),
 			selectionRenderer: jQuery.proxy(this.options.tagRenderer || this.selectionRenderer,this),
 			renderer: jQuery.proxy(this.options.listRenderer || this.selectionRenderer,this),
-			maxSelection: this.options.maxSelection
+			maxSelection: this.options.maxSelection,
+			highlight: false	// otherwise renderer have to return strings
 		}, this.lib_options);
 		this.taglist = this.taglist.magicSuggest(options);