Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #1357 and #614 -- <select> formfields now escape values

git-svn-id: http://code.djangoproject.com/svn/django/trunk@2321 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 15f57d8c55d74e41e8102ccad27fcc7d73a67771 1 parent af33a72
@adrianholovaty adrianholovaty authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/core/formfields.py
View
2  django/core/formfields.py
@@ -427,7 +427,7 @@ def render(self, data):
selected_html = ''
if str(value) == str_data:
selected_html = ' selected="selected"'
- output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, display_name))
+ output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(display_name)))
output.append(' </select>')
return '\n'.join(output)
Please sign in to comment.
Something went wrong with that request. Please try again.