mirror of https://github.com/django/django.git
Fixed #2020 -- <option> values are now escaped in SelectMultipleField
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
8623bd126d
commit
7098389fae
|
@ -577,7 +577,7 @@ class SelectMultipleField(SelectField):
|
|||
selected_html = ''
|
||||
if str(value) in str_data_list:
|
||||
selected_html = ' selected="selected"'
|
||||
output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice))
|
||||
output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice)))
|
||||
output.append(' </select>')
|
||||
return '\n'.join(output)
|
||||
|
||||
|
|
Loading…
Reference in New Issue