wayou/SlipHover

What if there is <script> in the data-caption?

Noitidart opened this issue · 2 comments

If I put <script> into my data-caption field, will jQuery.html dangerously evaluate it here:

```js
    }).html($element.attr(instance.settings.caption));
} else {
    // raw attribute value, taken as-is from data-caption
    content = $element.attr(instance.settings.caption);
}
$targetAParent = $element.parent('a');
if ($targetAParent.length && instance.settings.withLink) {
    var url = $targetAParent.attr('href');
    $overlay = $('<a>', {
        class: 'sliphover-overlay',
        href: url || '#'
    }).css({
        textDecoration: 'none'
    });
} else {
    $overlay = $('<div>', {
        class: 'sliphover-overlay'
    });
}
$overlay.css({
    width: '100%',
    height: instance.settings.height,
    position: 'absolute',
    left: left,
    bottom: bottom,
    display: instance.settings.verticalMiddle ? 'table' : 'inline',
    textAlign: instance.settings.textAlign,
    color: instance.settings.fontColor,
    backgroundColor: instance.settings.backgroundColor
})
// the caption string is inserted as HTML here
.html(content);
```
?

Thanks sir for your great work.

Is it safe if I do .parseHTML instead of the .html?

wayou commented

I think there's no reason for someone who puts script into it to hack himself.
What's more, the HTML is needed for customizing the look.
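As an added example (not SlipHover's code, nor anything posted in this issue), the two defensive ways to render a caption that the thread is weighing: treat it as plain text, or keep only a small allowlist of bare formatting tags so the look can still be customised, as wayou says it needs to be. The allowlist, the function names and the sample captions are assumptions; for production a maintained sanitizer such as DOMPurify is the usual choice.

```javascript
// Added example, not SlipHover's code. A data-caption value that reaches
// jQuery's .html() is interpreted as markup, so whoever controls the
// attribute controls the overlay. Two defensive renderings of the caption:
//   captionAsText()        -> the whole caption becomes text (like .text()).
//   captionAsLimitedHtml() -> only bare <b>, <i>, <em>, <strong>, <br> tags
//                             survive; every other tag is shown literally.
// The allowlist, function names and sample captions are assumptions.

const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'br']);

// Escape the characters that can switch HTML parsing context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Option 1: no markup at all. Safe for any input, but no formatting.
function captionAsText(caption) {
  return escapeHtml(caption);
}

// Option 2: split the caption into tag-shaped tokens and plain text. A token
// is emitted as a tag only if it is exactly an allowlisted tag name with no
// attributes; <script>, tags carrying attributes and stray '<' are escaped,
// so the output can only contain tags written by this function itself.
const TAG_TOKEN = /(<\/?[a-zA-Z][a-zA-Z0-9]*[^>]*>)/;
const BARE_TAG = /^<(\/?)([a-zA-Z]+)\s*\/?>$/;

function captionAsLimitedHtml(caption) {
  return String(caption)
    .split(TAG_TOKEN)
    .map((tok) => {
      const m = BARE_TAG.exec(tok);
      if (m && ALLOWED_TAGS.has(m[2].toLowerCase())) {
        return `<${m[1]}${m[2].toLowerCase()}>`;
      }
      return escapeHtml(tok);
    })
    .join('');
}

// In the issue's snippet this would replace the raw attribute value:
//   content = captionAsLimitedHtml($element.attr(instance.settings.caption));
// Constructed sample caption (not from the issue):
console.log(captionAsLimitedHtml('Sunset over <b>Lisbon</b><script>run()</script>'));
// prints: Sunset over <b>Lisbon</b>&lt;script&gt;run()&lt;/script&gt;
```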