
(un)escape the editable values to prevent htmlentities within the data
attribute 'value'

NAME 5 years ago
parent
commit
b003f7566b
2 changed files with 34 additions and 1 deletions
  1. 21 1
      src/extensions/editable/bootstrap-table-editable.js
  2. 13 0
      src/utils/index.js

+ 21 - 1
src/extensions/editable/bootstrap-table-editable.js

@@ -102,7 +102,7 @@ $.BootstrapTable = class extends $.BootstrapTable {
         return
       }
 
-      const data = this.getData()
+      const data = this.getData(undefined, true)
       const $field = this.$body.find(`a[data-name="${column.field}"]`)
 
       $field.each((i, element) => {
@@ -131,6 +131,7 @@ $.BootstrapTable = class extends $.BootstrapTable {
           }
         }
 
+        submitValue = Utils.escapeHTML(submitValue)
         $this.data('value', submitValue)
         row[column.field] = submitValue
         this.trigger('editable-save', column.field, row, rowIndex, oldValue, $this)
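Review bot: After the added `Utils.escapeHTML(submitValue)` line, the entity-encoded string is what gets written to `row[column.field]` and handed to `editable-save` listeners, so the row model now holds output-encoded text rather than the user's value. A listener that persists the row would store entities, and a later render that escapes again would double-encode; `oldValue` also appears to come from the unescaped data, so the two values in the event would be in different encodings (its origin is outside this hunk, so confirm). jQuery's `.data('value', ...)` writes to jQuery's internal store, not to the DOM attribute, so escaping is not needed for that call to be safe. If the escaped form is only needed by the editable widget, consider `row[column.field] = submitValue` with the raw value and `$this.data('value', Utils.escapeHTML(submitValue))`, leaving HTML encoding to the render step. The enclosing callback starts and ends outside this hunk.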
@@ -157,4 +158,23 @@ $.BootstrapTable = class extends $.BootstrapTable {
     })
     this.trigger('editable-init')
   }
+
+  getData (params, escaping) {
+    const data = super.getData(params)
+    let escape = false
+
+    if (typeof escaping === 'boolean') {
+      escape = escaping
+    }
+
+    if (escape) {
+      $.each(data, (i, object) => {
+        $.each(object, (objectIndex, value) => {
+          object[objectIndex] = Utils.unescapeHTML(value)
+        })
+      })
+    }
+
+    return data
+  }
 }
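Review bot: The new `getData` override rewrites every field of every row object returned by `super.getData(params)` in place, so if those are the table's live row objects (the parent implementation is not visible here), the single `getData(undefined, true)` call in the first hunk leaves the whole stored dataset unescaped, not only the edited column. Any later render path that relies on the stored values already being escaped would then emit them raw. Consider unescaping only the field being edited at its point of use, or returning copies; note that the save handler in the second hunk writes to `row[column.field]`, so copies would need that write redirected to the real row. The flag is also named `escaping` while `true` means unescape; a name such as `unescape` with a JSDoc line describing it would avoid misreading, and the flag handling reduces to `if (escaping === true)`.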

+ 13 - 0
src/utils/index.js

@@ -184,6 +184,19 @@ export default {
     return text
   },
 
+  unescapeHTML (text) {
+    if (typeof text === 'string') {
+      return text
+        .replace(/&/g, '&')
+        .replace(/&lt;/g, '<')
+        .replace(/&gt;/g, '>')
+        .replace(/&quot;/g, '"')
+        .replace(/&#039;/g, '\'')
+        .replace(/&#x60;/g, '`')
+    }
+    return text
+  },
+
   getRealDataAttr (dataAttr) {
     for (const [attr, value] of Object.entries(dataAttr)) {
       const auxAttr = attr.split(/(?=[A-Z])/).join('-').toLowerCase()
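Review bot: Decoding the ampersand entity first in `unescapeHTML` makes the chain decode twice: text escaped from the literal characters `&lt;` (stored as `&amp;lt;`) comes back as `<` instead of `&lt;`, so the function is not the inverse of the escaping and can turn inert text into markup. Move that step to the end of the chain, so that the last call is `.replace(/&amp;/g, '&')`. As displayed here the first pattern reads `/&/g`, which would be a no-op; the page has probably decoded the entity, but it is worth confirming that the committed file has `/&amp;/g`. A short JSDoc stating that non-string input is returned unchanged would document the `typeof` guard.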