diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2006-05-31 14:58:20 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2006-05-31 14:58:20 +0000 |
| commit | 7098389fae47ecc791809f21d60193f2c5449a7b (patch) | |
| tree | 9fe3a367f85541bf71c124fd18064159868f27a7 /django/forms/__init__.py | |
| parent | 8623bd126ddf85344aaf5aedd933e90b32c71148 (diff) | |
Fixed #2020 -- <option> values are now escaped in SelectMultipleField
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/forms/__init__.py')
| -rw-r--r-- | django/forms/__init__.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/django/forms/__init__.py b/django/forms/__init__.py index 7ad26a4d71..52092aff7b 100644 --- a/django/forms/__init__.py +++ b/django/forms/__init__.py @@ -577,7 +577,7 @@ class SelectMultipleField(SelectField): selected_html = '' if str(value) in str_data_list: selected_html = ' selected="selected"' - output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice)) + output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice))) output.append(' </select>') return '\n'.join(output) |