Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #2020 -- <option> values are now escaped in SelectMultipleField

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 7098389fae47ecc791809f21d60193f2c5449a7b 1 parent 8623bd1
@adrianholovaty adrianholovaty authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/forms/__init__.py
View
2  django/forms/__init__.py
@@ -577,7 +577,7 @@ def render(self, data):
selected_html = ''
if str(value) in str_data_list:
selected_html = ' selected="selected"'
- output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice))
+ output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice)))
output.append(' </select>')
return '\n'.join(output)

0 comments on commit 7098389

Please sign in to comment.
Something went wrong with that request. Please try again.