
Fixed #3078 -- newforms: Added HTML escaping to label_tag() calls. Thanks, SmileyChris

git-svn-id: http://code.djangoproject.com/svn/django/trunk@4133 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 4db61fb406afb8447fb8dfe4808ccb426b824064 1 parent 8aae90c
Adrian Holovaty authored November 29, 2006

Showing 1 changed file with 2 additions and 2 deletions. Show diff stats Hide diff stats

  1. 4  django/newforms/forms.py
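--- a/django/newforms/forms.py
+++ b/django/newforms/forms.py
@@ -82,7 +82,7 @@ def as_table(self):
             bf = BoundField(self, field, name)
             if bf.errors:
                 output.append(u'<tr><td colspan="2">%s</td></tr>' % bf.errors)
-            output.append(u'<tr><td>%s</td><td>%s</td></tr>' % (bf.label_tag(bf.verbose_name+':'), bf))
+            output.append(u'<tr><td>%s</td><td>%s</td></tr>' % (bf.label_tag(escape(bf.verbose_name+':')), bf))
         return u'\n'.join(output)
 
     def as_ul(self):
@@ -96,7 +96,7 @@ def as_ul(self):
             line = u'<li>'
             if bf.errors:
                 line += str(bf.errors)
-            line += u'%s %s</li>' % (bf.label_tag(bf.verbose_name+':'), bf)
+            line += u'%s %s</li>' % (bf.label_tag(escape(bf.verbose_name+':')), bf)
             output.append(line)
         return u'\n'.join(output)
 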
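Review bot: The escaping is applied at the two call sites (`bf.label_tag(escape(bf.verbose_name+':'))` in as_table and as_ul) rather than inside label_tag(), so the method itself still appears to accept its argument as trusted markup and every other caller has to remember to escape. label_tag() is not visible in these hunks, so this is inferred; if it does interpolate its argument verbatim, a docstring line there such as `contents is inserted as-is and must already be HTML-escaped` would make the contract explicit. The commit touches only forms.py and neither hunk adds an import, so it is worth confirming that `escape` is already imported in this module, and adding a regression test that renders a field whose name contains `<` and `&`. The bodies of as_table and as_ul both start outside the hunks.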
