From 88bdbaf7876b0e0283f13ca22cfa75853d500a9d Mon Sep 17 00:00:00 2001
From: Michiel
Date: Thu, 15 Nov 2012 16:21:55 +0100
Subject: [PATCH] Update src/jquery.autocomplete.js

Using the native JSON.parse built-in function in the browsers if it's available. Adds more security to it, so the autocomplete is less prone to XSS attacks.
---
 src/jquery.autocomplete.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/jquery.autocomplete.js b/src/jquery.autocomplete.js
index baf700a..eed36c1 100644
--- a/src/jquery.autocomplete.js
+++ b/src/jquery.autocomplete.js
@@ -361,7 +361,10 @@
 var response;
 try {
- response = eval('(' + text + ')');
+ if (typeof(JSON) != "undefined" && typeof(JSON.parse) != "undefined")
+ response = JSON.parse(text);
+ else
+ response = eval('(' + text + ')');
 } catch (err) { return; }
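Review bot: The `else` branch still hands the raw response `text` to `eval`, so any browser without a native `JSON` object keeps the script-evaluation path that this commit sets out to close. Dropping the fallback and keeping only `response = JSON.parse(text);` (with a JSON polyfill loaded for old browsers, or jQuery's `$.parseJSON(text)`) would mean no response is evaluated as code. `JSON.parse` is also stricter than `eval`: a backend that returns an object literal with unquoted keys or single-quoted strings will now throw, and the existing `catch (err) { return; }` swallows that silently, so suggestions would stop appearing with no diagnostic. A short comment on the `catch` stating that malformed or non-JSON responses are discarded, and a note in the docs that responses must be strict JSON, would make this visible. The enclosing function starts and ends outside the hunk.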