diff --git a/src/core.js b/src/core.js
index 5a2fb1ce4..ab891487b 100644
--- a/src/core.js
+++ b/src/core.js
@@ -945,14 +945,23 @@ $.extend( $.validator, {
error.removeClass( this.settings.validClass ).addClass( this.settings.errorClass );
// Replace message on existing label
- error.html( message );
+ if ( this.settings && this.settings.escapeHtml ) {
+ error.text( message || "" );
+ } else {
+ error.html( message || "" );
+ }
} else {
// Create error element
error = $( "<" + this.settings.errorElement + ">" )
.attr( "id", elementID + "-error" )
- .addClass( this.settings.errorClass )
- .html( message || "" );
+ .addClass( this.settings.errorClass );
+
+ if ( this.settings && this.settings.escapeHtml ) {
+ error.text( message || "" );
+ } else {
+ error.html( message || "" );
+ }
// Maintain reference to the element to be placed into the DOM
place = error;
diff --git a/test/error-placement.js b/test/error-placement.js
index 7c00ce0cd..05e5c565f 100644
--- a/test/error-placement.js
+++ b/test/error-placement.js
@@ -440,3 +440,60 @@ QUnit.test( "#1632: Error hidden, but input error class not removed", function(
assert.equal( v.numberOfInvalids(), 0, "There is no error" );
assert.equal( box2.hasClass( "error" ), false, "Box2 should not have an error class" );
} );
+
+QUnit.test( "test settings.escapeHtml undefined", function( assert ) {
+ var form = $( "#escapeHtmlForm1" ),
+ field = $( "#escapeHtmlForm1text" );
+
+ form.validate( {
+ messages: {
+ escapeHtmlForm1text: {
+ required: ""
+ }
+ }
+ } );
+
+ assert.ok( !field.valid() );
+ assert.hasError( field, "required" );
+
+ var label = form.find( "label" );
+ assert.equal( label.length, 1 );
+ assert.equal( label.html(), "" );
+
+ label.html( "" );
+ assert.ok( !field.valid() );
+ assert.equal( label.html(), "" );
+
+ field.val( "foo" );
+ assert.ok( field.valid() );
+ assert.noErrorFor( field );
+} );
+
+QUnit.test( "test settings.escapeHtml true", function( assert ) {
+ var form = $( "#escapeHtmlForm2" ),
+ field = $( "#escapeHtmlForm2text" );
+
+ form.validate( {
+ escapeHtml: true,
+ messages: {
+ escapeHtmlForm2text: {
+ required: ""
+ }
+ }
+ } );
+
+ assert.ok( !field.valid() );
+ assert.hasError( field, "required" );
+
+ var label = form.find( "label" );
+ assert.equal( label.length, 1 );
+ assert.equal( label.html(), "<script>console.log('!!!');</script>" );
+
+ label.html( "" );
+ assert.ok( !field.valid() );
+ assert.equal( label.html(), "<script>console.log('!!!');</script>" );
+
+ field.val( "foo" );
+ assert.ok( field.valid() );
+ assert.noErrorFor( field );
+} );
diff --git a/test/index.html b/test/index.html
index f27ad1d76..601f6a505 100644
--- a/test/index.html
+++ b/test/index.html
@@ -467,6 +467,12 @@
+
+