From 2303b9a5a65f3e5a32d81ae0691dd17a5d3b66ca Mon Sep 17 00:00:00 2001
From: jameskleeh
Date: Thu, 20 Oct 2016 19:55:58 -0400
Subject: [PATCH] Encode as html select option values
---
 .../org/grails/plugins/web/taglib/FormTagLib.groovy | 2 +-
 .../groovy/org/grails/web/taglib/SelectTagTests.groovy | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/grails-plugin-gsp/src/main/groovy/org/grails/plugins/web/taglib/FormTagLib.groovy b/grails-plugin-gsp/src/main/groovy/org/grails/plugins/web/taglib/FormTagLib.groovy
index dda33de4530..a32f75f53a0 100644
--- a/grails-plugin-gsp/src/main/groovy/org/grails/plugins/web/taglib/FormTagLib.groovy
+++ b/grails-plugin-gsp/src/main/groovy/org/grails/plugins/web/taglib/FormTagLib.groovy
@@ -1069,7 +1069,7 @@ class FormTagLib implements ApplicationContextAware, InitializingBean, TagLibrar
 }
 }
 keyValue = processFormFieldValueIfNecessary(selectName, "${keyValue}","option")
- writer << "value=\"${keyValue}\" "
+ writer << "value=\"${keyValue.toString().encodeAsHTML()}\" "
 if (selected) {
 writer << 'selected="selected" '
 }
diff --git a/grails-test-suite-web/src/test/groovy/org/grails/web/taglib/SelectTagTests.groovy b/grails-test-suite-web/src/test/groovy/org/grails/web/taglib/SelectTagTests.groovy
index 0b3b7dabd4e..5ade5e22332 100644
--- a/grails-test-suite-web/src/test/groovy/org/grails/web/taglib/SelectTagTests.groovy
+++ b/grails-test-suite-web/src/test/groovy/org/grails/web/taglib/SelectTagTests.groovy
@@ -22,6 +22,14 @@ class SelectTagTests extends AbstractGrailsTagTests {
 assertTrue "should have HTML escaped attributes", result.startsWith('"]]) + + println result + assertTrue "should have HTML escaped values", result.contains('') + } + void testSelectUsesExpressionForDisable() { def template = '' assertOutputContains('disabled="disabled"', template)
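Review bot: The encoding added on the `value=` write in FormTagLib.groovy covers only this one attribute. The hunk does not show whether the other strings written for the same option (the option body text, and the `noSelection` key rendered elsewhere in the tag) also pass through `encodeAsHTML()`, so that should be confirmed before treating the fix as complete. The value is also encoded after `processFormFieldValueIfNecessary`, so a registered value processor that already HTML-escapes its output would presumably end up double-encoded. A short comment above the write, such as `// encode at the sink: keyValue can originate from model/request data and lands inside a quoted attribute`, would record why the encoding lives here. The enclosing tag closure starts and ends outside the hunk.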
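Review bot: `println result` in the test added to SelectTagTests.groovy is leftover debugging output and should be removed, since the `assertTrue` message already identifies a failure. The template and expected-value literals in this hunk are not legible on this page (the markup inside the quotes appears to have been stripped), so the exact escaped form being asserted cannot be checked from here. If the test only asserts that the escaped value is present, a second assertion that the raw, unescaped value is absent from `result` would pin the behaviour more tightly against a regression.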