Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #1357 and #614 -- <select> formfields now escape values

git-svn-id: http://code.djangoproject.com/svn/django/trunk@2321 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 15f57d8c55d74e41e8102ccad27fcc7d73a67771 1 parent af33a72
Adrian Holovaty authored

Showing 1 changed file with 1 addition and 1 deletion. Show diff stats Hide diff stats

  1. 2  django/core/formfields.py
2  django/core/formfields.py
@@ -427,7 +427,7 @@ def render(self, data):
427 427
             selected_html = ''
428 428
             if str(value) == str_data:
429 429
                 selected_html = ' selected="selected"'
430  
-            output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, display_name))
  430
+            output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(display_name)))
431 431
         output.append('  </select>')
432 432
         return '\n'.join(output)
433 433
 

0 notes on commit 15f57d8

Please sign in to comment.
Something went wrong with that request. Please try again.