Fixed #2761 -- Apply escaping to values in form checkbox attributes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3775 bcc190cf-cafb-0310-a4f2-bffc1f526a37
author: Malcolm Tredinnick <malcolm.tredinnick@gmail.com> 2006-09-21 13:35:34 +0000
committer: Malcolm Tredinnick <malcolm.tredinnick@gmail.com> 2006-09-21 13:35:34 +0000
commit: 31d764cadfa52e851db9eccb0e84b567ff4c0579 (patch)
tree: 57fcb13c57555c57fd7e4819cdc063b168275ffa /django/forms
parent: e947fb2111c575b6005c9a291c25d85a959e8b1f (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/django/forms/__init__.py b/django/forms/__init__.py
index 730f7a54da..241795312e 100644
--- a/django/forms/__init__.py
+++ b/django/forms/__init__.py
@@ -639,8 +639,8 @@ class CheckboxSelectMultipleField(SelectMultipleField):
                 checked_html = ' checked="checked"'
             field_name = '%s%s' % (self.field_name, value)
             output.append('<li><input type="checkbox" id="%s" class="v%s" name="%s"%s /> <label for="%s">%s</label></li>' % \
-                (self.get_id() + value , self.__class__.__name__, field_name, checked_html,
-                self.get_id() + value, choice))
+                (self.get_id() + escape(value), self.__class__.__name__, field_name, checked_html,
+                self.get_id() + escape(value), choice))
         output.append('</ul>')
         return '\n'.join(output)
author	Malcolm Tredinnick <malcolm.tredinnick@gmail.com>	2006-09-21 13:35:34 +0000
committer	Malcolm Tredinnick <malcolm.tredinnick@gmail.com>	2006-09-21 13:35:34 +0000
commit	31d764cadfa52e851db9eccb0e84b567ff4c0579 (patch)
tree	57fcb13c57555c57fd7e4819cdc063b168275ffa /django/forms
parent	e947fb2111c575b6005c9a291c25d85a959e8b1f (diff)