Author: adrian
Date: 2006-05-31 09:58:20 -0500 (Wed, 31 May 2006)
New Revision: 3021
Modified:
django/trunk/django/forms/__init__.py
Log:
Fixed #2020 -- <option> values are now escaped in SelectMultipleField
Modified: django/trunk/django/forms/__init__.py
===================================================================
--- django/trunk/django/forms/__init__.py 2006-05-31 14:53:23 UTC (rev
3020)
+++ django/trunk/django/forms/__init__.py 2006-05-31 14:58:20 UTC (rev
3021)
@@ -577,7 +577,7 @@
selected_html = ''
if str(value) in str_data_list:
selected_html = ' selected="selected"'
- output.append(' <option value="%s"%s>%s</option>' %
(escape(value), selected_html, choice))
+ output.append(' <option value="%s"%s>%s</option>' %
(escape(value), selected_html, escape(choice)))
output.append(' </select>')
return '\n'.join(output)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates
-~----------~----~----~----~------~----~------~--~---
