Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #2761 -- Apply escaping to values in form checkbox attributes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3775 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 31d764cadfa52e851db9eccb0e84b567ff4c0579 1 parent e947fb2
Malcolm Tredinnick authored September 21, 2006

Showing 1 changed file with 2 additions and 2 deletions. Show diff stats Hide diff stats

  1. 4  django/forms/__init__.py
4  django/forms/__init__.py
@@ -639,8 +639,8 @@ def render(self, data):
639 639
                 checked_html = ' checked="checked"'
640 640
             field_name = '%s%s' % (self.field_name, value)
641 641
             output.append('<li><input type="checkbox" id="%s" class="v%s" name="%s"%s /> <label for="%s">%s</label></li>' % \
642  
-                (self.get_id() + value , self.__class__.__name__, field_name, checked_html,
643  
-                self.get_id() + value, choice))
  642
+                (self.get_id() + escape(value), self.__class__.__name__, field_name, checked_html,
  643
+                self.get_id() + escape(value), choice))
644 644
         output.append('</ul>')
645 645
         return '\n'.join(output)
646 646
 

0 notes on commit 31d764c

Please sign in to comment.
Something went wrong with that request. Please try again.