Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #2020 -- <option> values are now escaped in SelectMultipleField

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 7098389fae47ecc791809f21d60193f2c5449a7b 1 parent 8623bd1
Adrian Holovaty authored May 31, 2006

Showing 1 changed file with 1 addition and 1 deletion. Show diff stats Hide diff stats

  1. 2  django/forms/__init__.py
2  django/forms/__init__.py
@@ -577,7 +577,7 @@ def render(self, data):
577 577
             selected_html = ''
578 578
             if str(value) in str_data_list:
579 579
                 selected_html = ' selected="selected"'
580  
-            output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice))
  580
+            output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice)))
581 581
         output.append('  </select>')
582 582
         return '\n'.join(output)
583 583
 

0 notes on commit 7098389

Please sign in to comment.
Something went wrong with that request. Please try again.