Pass through non-strings in `escapeMarkup`

It is assumed that DOM elements or related objects will have been
escaped before they are passed back from templating functions. As
strings are typically blinding concatenated, like in our defaults,
it makes sense to escape the markup within them.

This is related to https://github.com/select2/select2/issues/3005.

dist/js/select2.amd.full.js

@@ -231,6 +231,11 @@ define(['jquery'], function ($) {define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.amd.js

@@ -231,6 +231,11 @@ define(['jquery'], function ($) {define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.full.js

@@ -669,6 +669,11 @@ define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

dist/js/select2.js

@@ -669,6 +669,11 @@ define('select2/utils',[
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

src/js/select2/utils.js

@@ -231,6 +231,11 @@ define([
       '/': '/'
     };
 
+    // Do not try to escape the markup if it's not a string
+    if (typeof markup !== 'string') {
+      return markup;
+    }
+
     return String(markup).replace(/[&<>"'\/\\]/g, function (match) {
       return replaceMap[match];
     });

tests/utils/escapeMarkup-tests.js

@@ -25,3 +25,12 @@ test('quotes are killed as well', function (assert) {
   assert.equal(escaped.indexOf('\''), -1);
   assert.equal(escaped.indexOf('"'), -1);
 });
+
+test('DocumentFragment options pass through', function (assert) {
+  var frag = document.createDocumentFragment();
+  frag.innerHTML = '<strong>test</strong>';
+
+  var escaped = Utils.escapeMarkup(frag);
+
+  assert.equal(frag, escaped);
+});