From 65e52120e4f578d53ca13eb82d6cbfe2f753c631 Mon Sep 17 00:00:00 2001
From: Noprianto <nop@tedut.com>
Date: Tue, 18 Feb 2014 06:24:07 +0700
Subject: [PATCH 1/3] using safestr in web.form.Dropdown._render_option

---
 web/form.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/form.py b/web/form.py
index 8099c38d..7416af35 100644
--- a/web/form.py
+++ b/web/form.py
@@ -253,7 +253,7 @@ def _render_option(self, arg, indent='  '):
         else:
             value, desc = arg, arg 
 
-        if self.value == value or (isinstance(self.value, list) and value in self.value):
+        if utils.safestr(self.value) == utils.safestr(value) or (isinstance(self.value, list) and value in self.value):
             select_p = ' selected="selected"'
         else:
             select_p = ''

From 7bca9e5ba522d04afc55d9fbef0697f50b46366b Mon Sep 17 00:00:00 2001
From: Noprianto <nop@tedut.com>
Date: Tue, 18 Feb 2014 14:49:34 +0700
Subject: [PATCH 2/3] [multiple] using safestr in
 web.form.Dropdown._render_option

---
 web/form.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/web/form.py b/web/form.py
index 7416af35..e0c46d0c 100644
--- a/web/form.py
+++ b/web/form.py
@@ -253,7 +253,13 @@ def _render_option(self, arg, indent='  '):
         else:
             value, desc = arg, arg 
 
-        if utils.safestr(self.value) == utils.safestr(value) or (isinstance(self.value, list) and value in self.value):
+        value = utils.safestr(value)
+        if isinstance(self.value, (tuple, list)):
+            self.value = [utils.safestr(x) for x in self.value]
+        else:
+            self.value = utils.safestr(self.value)
+        
+        if self.value == value or (isinstance(self.value, list) and value in self.value):
             select_p = ' selected="selected"'
         else:
             select_p = ''

From 82211db5dbedcb599b82b857e35eff79c05db2d7 Mon Sep 17 00:00:00 2001
From: Noprianto <nop@tedut.com>
Date: Tue, 18 Feb 2014 17:53:17 +0700
Subject: [PATCH 3/3] [multiple, fix] using safestr in
 web.form.Dropdown._render_option

---
 web/form.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/form.py b/web/form.py
index e0c46d0c..f2f836c1 100644
--- a/web/form.py
+++ b/web/form.py
@@ -255,11 +255,11 @@ def _render_option(self, arg, indent='  '):
 
         value = utils.safestr(value)
         if isinstance(self.value, (tuple, list)):
-            self.value = [utils.safestr(x) for x in self.value]
+            s_value = [utils.safestr(x) for x in self.value]
         else:
-            self.value = utils.safestr(self.value)
+            s_value = utils.safestr(self.value)
         
-        if self.value == value or (isinstance(self.value, list) and value in self.value):
+        if s_value == value or (isinstance(s_value, list) and value in s_value):
             select_p = ' selected="selected"'
         else:
             select_p = ''