From 4d3a6850b9502166e74e9cedf32720a9e153b6ba Mon Sep 17 00:00:00 2001 From: yaakovfeldman Date: Mon, 12 Sep 2022 16:15:28 +0100 Subject: [PATCH 1/2] Escape input even when no shortening required --- dataRender/ellipsis.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dataRender/ellipsis.js b/dataRender/ellipsis.js index 186e9e5..b42ac5e 100644 --- a/dataRender/ellipsis.js +++ b/dataRender/ellipsis.js @@ -63,12 +63,18 @@ jQuery.fn.dataTable.render.ellipsis = function ( cutoff, wordbreak, escapeHtml ) } if ( typeof d !== 'number' && typeof d !== 'string' ) { + if ( escapeHtml ) { + return esc( d ); + } return d; } d = d.toString(); // cast numbers if ( d.length <= cutoff ) { + if ( escapeHtml ) { + return esc( d ); + } return d; } From 40e3b46cd05a145a74ef02e15d518e0af64c2874 Mon Sep 17 00:00:00 2001 From: yaakovfeldman Date: Mon, 12 Sep 2022 17:25:45 +0100 Subject: [PATCH 2/2] Ensure that data is string before escaping --- dataRender/ellipsis.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dataRender/ellipsis.js b/dataRender/ellipsis.js index b42ac5e..a89cf77 100644 --- a/dataRender/ellipsis.js +++ b/dataRender/ellipsis.js @@ -49,7 +49,7 @@ jQuery.fn.dataTable.render.ellipsis = function ( cutoff, wordbreak, escapeHtml ) { var esc = function ( t ) { - return t + return ('' + t) .replace( /&/g, '&' ) .replace( //g, '>' )
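Review bot: Both early returns added in the first hunk (`@@ -63,12 +63,18 @@`) escape only when `escapeHtml` is truthy, and nothing in the hunk documents that a caller who omits the third argument still gets short strings and non-string values back unchanged. Since this is the path the patch hardens, the opt-in default deserves a comment where the flag is first tested, for example `// escapeHtml is opt-in: pass true for any column that can hold user-supplied text, otherwise d is returned unescaped`. The two added blocks are identical, so a small local helper would keep the escape decision in one place. The render function begins and ends outside the hunk, so any earlier handling of `d` is not visible here.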
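Review bot: `('' + t)` in the second patch (`@@ -49,7 +49,7 @@`) stops `esc` from throwing on non-strings, but it also turns `null` and `undefined` into the text `null` and `undefined`. The non-string branch added in patch 1/2 passes such values to `esc` whenever `escapeHtml` is set. Unless they are filtered before that branch, outside the visible hunks, an empty cell would display the word instead of staying empty. Guarding the call site keeps the previous result for them: `if ( escapeHtml && d !== null && d !== undefined ) {`. The `.replace` chain of `esc` continues past the end of the hunk.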