Fixed #2020 -- <option> values are now escaped in SelectMultipleField

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Adrian Holovaty 2006-05-31 14:58:20 +00:00
parent 8623bd126d
commit 7098389fae
1 changed files with 1 additions and 1 deletions


@ -577,7 +577,7 @@ class SelectMultipleField(SelectField):
selected_html = '' selected_html = ''
if str(value) in str_data_list: if str(value) in str_data_list:
selected_html = ' selected="selected"' selected_html = ' selected="selected"'
output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice)) output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice)))
output.append(' </select>') output.append(' </select>')
return '\n'.join(output) return '\n'.join(output)
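Review bot: The new `escape(choice)` on the `output.append(' <option ...')` line ships without a regression test (the diffstat shows a single changed file), so nothing pins that a label containing `<`, `&` or `"` is rendered as entities. A test that renders a SelectMultipleField with a constructed label such as `<b>A & B</b>` and asserts the output contains `&lt;b&gt;A &amp; B&lt;/b&gt;` would keep the escaping from being silently dropped in a later refactor. The line would also benefit from a short comment such as `# value and choice can originate from stored data; escape both before building markup`. The enclosing render method begins outside this hunk, and the parent `SelectField` named in the hunk header is not visible here, so it is worth checking whether its option rendering interpolates `choice` the same way.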