mirror of https://github.com/django/django.git
Fixed #2020 -- <option> values are now escaped in SelectMultipleField
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
8623bd126d
commit
7098389fae
|
@ -577,7 +577,7 @@ class SelectMultipleField(SelectField):
|
||||||
selected_html = ''
|
selected_html = ''
|
||||||
if str(value) in str_data_list:
|
if str(value) in str_data_list:
|
||||||
selected_html = ' selected="selected"'
|
selected_html = ' selected="selected"'
|
||||||
output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice))
|
output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice)))
|
||||||
output.append(' </select>')
|
output.append(' </select>')
|
||||||
return '\n'.join(output)
|
return '\n'.join(output)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue