Fixed #1357 and #614 -- <select> formfields now escape values

git-svn-id: http://code.djangoproject.com/svn/django/trunk@2321 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Adrian Holovaty 2006-02-17 17:55:41 +00:00
parent af33a72fb5
commit 15f57d8c55
1 changed files with 1 additions and 1 deletions


@ -427,7 +427,7 @@ class SelectField(FormField):
selected_html = ''
if str(value) == str_data:
selected_html = ' selected="selected"'
output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, display_name))
output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(display_name)))
output.append(' </select>')
return '\n'.join(output)
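Review bot: The added `escape(display_name)` fixes only this one `<option>` line, and the diffstat shows a single changed line with no regression test, so nothing guards against the raw interpolation coming back here or persisting in other widgets that render choice labels (none are visible in this hunk, so that needs checking). A test that renders a SelectField whose choice label contains `<`, `&` and `"` and asserts the encoded output would pin the behaviour. Also, `escape(value)` is placed inside a double-quoted attribute, so it depends on `escape` encoding `"` as well as `<` and `&`; the helper is defined outside the hunk and should be confirmed. A short comment above the line, such as `# value and display_name may be user-supplied; both must be HTML-escaped`, would record why both calls are there. The enclosing SelectField method starts above the hunk.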