
Merge pull request #238 from ice5050/hotfix/DoubleQuoteInRowAttributes

add function escapeHTML for preventing add custom row attribute with dou...
文翼 11 years ago
parent
commit
48aade4572
1 changed files with 13 additions and 1 deletions
  1. 13 1
      src/bootstrap-table.js

+ 13 - 1
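--- a/src/bootstrap-table.js
+++ b/src/bootstrap-table.js
@@ -100,6 +100,18 @@
         return defaultValue;
     };
 
+    var escapeHTML = function (text) {
+        if (typeof text == 'string') {
+            return text
+                .replace(/&/g, "&")
+                .replace(/</g, "&lt;")
+                .replace(/>/g, "&gt;")
+                .replace(/"/g, "&quot;")
+                .replace(/'/g, "&#039;");
+        }
+        return text;
+    };
+
     // BOOTSTRAP TABLE CLASS DEFINITION
     // ======================
 
@@ -893,7 +905,7 @@
 
             if (attributes) {
                 for (var key in attributes) {
-                    htmlAttributes.push(sprintf('%s="%s"', key, attributes[key]));
+                    htmlAttributes.push(sprintf('%s="%s"', key, escapeHTML(attributes[key])));
                 }
             }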
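Review bot: In the changed `htmlAttributes.push(...)` line only the attribute value is passed through `escapeHTML`; `key` is still interpolated raw into `'%s="%s"'`, so an attribute name containing whitespace, `=`, `>` or a quote can still break the generated row markup. A guard before the push, such as `if (!/^[A-Za-z_][\w.:-]*$/.test(key)) continue;`, would close that gap. `escapeHTML` also returns any non-string input unchanged, so an array or object value that stringifies to text containing `"` bypasses the escaping; coercing at the call site with `escapeHTML(String(attributes[key]))` is one option if null and undefined values are handled separately. As rendered on this page the first replacement reads `.replace(/&/g, "&")`, which is a no-op; this is presumably the page decoding `&amp;`, but it is worth confirming in the file because the ampersand must be escaped first for the other entities to be correct. The loop's enclosing function starts and ends outside the hunk, so how `attributes` is produced is not visible here.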