From 7bf507e889d115ae934231a0b2f041f9a88b4293 Mon Sep 17 00:00:00 2001
From: ggorlen <gsgorlen@gmail.com>
Date: Wed, 31 Aug 2022 19:25:20 -0700
Subject: [PATCH 1/3] Use textContent to avoid HTML special characters in
 options

---
 src/dom/dom.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/dom/dom.js b/src/dom/dom.js
index c15484496a..1f53ecea54 100644
--- a/src/dom/dom.js
+++ b/src/dom/dom.js
@@ -705,7 +705,7 @@ p5.prototype.createSelect = function() {
     }
     //see if there is already an option with this name
     for (let i = 0; i < this.elt.length; i += 1) {
-      if (this.elt[i].innerHTML === name) {
+      if (this.elt[i].textContent === name) {
         index = i;
         break;
       }
@@ -722,7 +722,7 @@ p5.prototype.createSelect = function() {
     } else {
       //if it doesn't exist create it
       const opt = document.createElement('option');
-      opt.innerHTML = name;
+      opt.textContent = name;
       opt.value = value === undefined ? name : value;
       this.elt.appendChild(opt);
       this._pInst._elements.push(opt);

From 5137aa0efc43ecab2e3bad0b8592aa85babcf217 Mon Sep 17 00:00:00 2001
From: ggorlen <gsgorlen@gmail.com>
Date: Thu, 1 Sep 2022 11:48:23 -0700
Subject: [PATCH 2/3] Add test for textContent for select option names

---
 test/unit/dom/dom.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/test/unit/dom/dom.js b/test/unit/dom/dom.js
index a6ffe50cb0..f3617e8a2c 100644
--- a/test/unit/dom/dom.js
+++ b/test/unit/dom/dom.js
@@ -808,6 +808,14 @@ suite('DOM', function() {
       }
     });
 
+    test('should update select value when HTML special characters are in the name', function() {
+      testElement = myp5.createSelect(true);
+      testElement.option('&', 'foo');
+      assert.equal(testElement.elt.options[0].value, 'foo');
+      testElement.option('&', 'bar');
+      assert.equal(testElement.elt.options[0].value, 'bar');
+    });
+
     test('calling selected(value) should updated selectedIndex', function() {
       testElement = myp5.createSelect(true);
       options = ['Sunday', 'Monday', 'Tuesday', 'Friday'];

From 028a502d0a89036b67eec667b1ae5a500b644178 Mon Sep 17 00:00:00 2001
From: ggorlen <gsgorlen@gmail.com>
Date: Thu, 1 Sep 2022 12:14:38 -0700
Subject: [PATCH 3/3] Add length check to select unit test

---
 test/unit/dom/dom.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/unit/dom/dom.js b/test/unit/dom/dom.js
index f3617e8a2c..3b7c63b1b1 100644
--- a/test/unit/dom/dom.js
+++ b/test/unit/dom/dom.js
@@ -811,6 +811,7 @@ suite('DOM', function() {
     test('should update select value when HTML special characters are in the name', function() {
       testElement = myp5.createSelect(true);
       testElement.option('&', 'foo');
+      assert.equal(testElement.elt.options.length, 1);
       assert.equal(testElement.elt.options[0].value, 'foo');
       testElement.option('&', 'bar');
       assert.equal(testElement.elt.options[0].value, 'bar');