Skip to content

Commit

Permalink
Fixed #2761 -- Apply escaping to values in form checkbox attributes.
Browse files Browse the repository at this point in the history 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3775 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information
@malcolmt
malcolmt committed Sep 21, 2006
1 parent e947fb2 commit 31d764c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions django/forms/__init__.py
View file
Expand Up @@ -639,8 +639,8 @@ def render(self, data):
checked_html = ' checked="checked"'
field_name = '%s%s' % (self.field_name, value)
output.append('<li><input type="checkbox" id="%s" class="v%s" name="%s"%s /> <label for="%s">%s</label></li>' % \
(self.get_id() + value , self.__class__.__name__, field_name, checked_html,
self.get_id() + value, choice))
(self.get_id() + escape(value), self.__class__.__name__, field_name, checked_html,
self.get_id() + escape(value), choice))
output.append('</ul>')
return '\n'.join(output)

Expand Down

0 comments on commit 31d764c

Please sign in to comment.