http://trirand.com/blog/jqgrid/jqgrid.html -> Searching -> Show query in search
If I add the text <script>alert('XSS');</script> in the textbox and click out of the box, the script is executed.
It happens because any value typed in the textbox is directly copied to the label on top of the box.
Is there any way to encode this label and not have the script executed?
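
One way to encode the typed value before it reaches the label, as an added example (not code from the original post or from jqGrid itself). The function names and the sample rules are hypothetical; the field / op / data shape of a search rule is an assumption.

```javascript
// Added example: helper names are hypothetical, sample input is constructed.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode every character that can change the HTML parsing context.
// A single pass over the string avoids double-encoding the '&' of new entities.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern described in the post: the typed value is copied into markup as-is,
// so a <script> element in the textbox becomes a real element in the label.
function renderQueryUnsafe(rules, groupOp) {
  return rules.map((r) => `${r.field} ${r.op} "${r.data}"`).join(` ${groupOp} `);
}

// Hardened form: every user-controlled piece is encoded before it becomes
// part of the label markup, and the group operator is allow-listed.
function renderQuerySafe(rules, groupOp) {
  const op = groupOp === 'OR' ? 'OR' : 'AND';
  return rules
    .map((r) => `${escapeHtml(r.field)} ${escapeHtml(r.op)} &quot;${escapeHtml(r.data)}&quot;`)
    .join(` ${op} `);
}

// Constructed sample: the value from the post plus a value with & and quotes.
const sampleRules = [
  { field: 'name', op: '=', data: "<script>alert('XSS');</script>" },
  { field: 'note', op: '=', data: 'Tom & "Jerry"' },
];

console.log('unsafe:', renderQueryUnsafe(sampleRules, 'AND'));
console.log('safe:  ', renderQuerySafe(sampleRules, 'AND'));

// In the browser, writing the label as text instead of markup gives the same
// protection without manual encoding, for example:
//   labelElement.textContent = renderQueryUnsafe(rules, 'AND');
```

Where the label is written through a text API (`textContent`, or jQuery's `.text()`), pass the raw string; encoding it first would show the entities literally.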