	Fixed #3078 -- newforms: Added HTML escaping to label_tag() calls. Thanks, SmileyChris
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4133 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		| @@ -82,7 +82,7 @@ class Form(object): | |||||||
|             bf = BoundField(self, field, name) |             bf = BoundField(self, field, name) | ||||||
|             if bf.errors: |             if bf.errors: | ||||||
|                 output.append(u'<tr><td colspan="2">%s</td></tr>' % bf.errors) |                 output.append(u'<tr><td colspan="2">%s</td></tr>' % bf.errors) | ||||||
|             output.append(u'<tr><td>%s</td><td>%s</td></tr>' % (bf.label_tag(bf.verbose_name+':'), bf)) |             output.append(u'<tr><td>%s</td><td>%s</td></tr>' % (bf.label_tag(escape(bf.verbose_name+':')), bf)) | ||||||
|         return u'\n'.join(output) |         return u'\n'.join(output) | ||||||
|  |  | ||||||
|     def as_ul(self): |     def as_ul(self): | ||||||
| @@ -96,7 +96,7 @@ class Form(object): | |||||||
|             line = u'<li>' |             line = u'<li>' | ||||||
|             if bf.errors: |             if bf.errors: | ||||||
|                 line += str(bf.errors) |                 line += str(bf.errors) | ||||||
|             line += u'%s %s</li>' % (bf.label_tag(bf.verbose_name+':'), bf) |             line += u'%s %s</li>' % (bf.label_tag(escape(bf.verbose_name+':')), bf) | ||||||
|             output.append(line) |             output.append(line) | ||||||
|         return u'\n'.join(output) |         return u'\n'.join(output) | ||||||
|  |  | ||||||
|   | |||||||
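Review bot: Both hunks escape the label text at the call site (`bf.label_tag(escape(bf.verbose_name+':'))` in the table row and again in the `<li>` line), which leaves the escaping contract of `label_tag()` implicit: any other caller that passes text to it has to know to escape first. label_tag's body is outside these hunks, so whether it escapes its default contents cannot be confirmed here; if it intentionally accepts raw HTML, its docstring should say so, e.g. `Does not HTML-escape contents; callers must escape untrusted text.` The neighbouring `bf.errors` values are also interpolated into the markup as-is in both loops, so it is worth confirming that the error list's own rendering escapes messages that can echo submitted input. A regression test with a verbose name containing `<` and `&` would pin the behaviour for both renderers. The enclosing methods begin and end outside the hunks.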