thanks to anybody who may help,

I have in my DB several results that may have characters like ', ", <,
>, etc.  I'm normally just converting these to the respect &#039; &lt;
etc when displaying them but I have a small problem using this plugin
to do so.

If I don't sanitize the output, the dropdown menu shown by the
autocomplete plugin gets broken (as the browser is being given bad
HTML) and it leaves my users open to XSS and JavaScript attacks and
whatnot.

Now, when I do sanitize the output the dropdown menu itself looks
great, as it should.  But clicking an entry will then make my <input>
box have a value of, say, -- &lt;Test&gt; &#039;Data&#034; -- which is
obviously not quite what I'm going for.

Do I need to modify the autocomplete.js to do some string replacement
to set these back, or...?

If I set the input field manually as <input value='&lt;Test ... it
appears in the input box as -- <Test> 'Data" -- as it should.

many thanks again!
Benjamin Owens
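The pattern that avoids the problem described above is to escape only when building HTML, and to write the raw string to the input's `.value` property, which the browser never parses as HTML. The following is an added example (not code from the original post or from the autocomplete plugin) using plain DOM-style objects; the `renderSuggestions` / `applySelection` names and the constructed `SAMPLE` data are assumptions for illustration.

```javascript
// Added example: keep two representations of each suggestion. The
// HTML-escaped form is used only when building dropdown markup; the raw
// string is what gets assigned to the <input>'s .value property.

const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

// Escape a string for use as an HTML text node or a double-quoted attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Inverse of escapeHtml for common named entities plus numeric references.
// Only needed if the data reaches the client already escaped (as in the post).
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };
function decodeEntities(s) {
  return String(s).replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      const code = hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return String.fromCodePoint(code);
    }
    const n = NAMED[body.toLowerCase()];
    return n === undefined ? m : n; // leave unknown entities untouched
  });
}

// Build dropdown markup from raw server data: this is the one place escaping happens.
// Each <li> carries only an index, never the raw text, so no second escaping layer is needed.
function renderSuggestions(items) {
  return items.map((raw, i) => `<li data-index="${i}">${escapeHtml(raw)}</li>`).join('');
}

// On selection, look the raw string up by index and assign it to .value.
// No decoding step is required because the .value property is not HTML-parsed.
function applySelection(input, items, index) {
  input.value = items[index];
  return input.value;
}

// Constructed sample resembling the data in the post, including a hostile entry.
const SAMPLE = ['<Test> \'Data"', 'plain entry', '<script>alert(1)</script>'];

// Wire it up when a real DOM is available (skipped under Node).
if (typeof document !== 'undefined') {
  const list = document.createElement('ul');
  list.innerHTML = renderSuggestions(SAMPLE);
  const input = document.createElement('input');
  list.addEventListener('click', (ev) => {
    const li = ev.target.closest('li[data-index]');
    if (li) applySelection(input, SAMPLE, Number(li.dataset.index));
  });
  document.body.append(list, input);
}
```

If the server has already entity-encoded the strings, run `decodeEntities` once on the raw data before storing it in `items`, so the dropdown is escaped exactly once and the input receives the plain text.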
