mirror of
				https://github.com/django/django.git
				synced 2025-10-24 22:26:08 +00:00 
			
		
		
		
	Fixed #2020 -- <option> values are now escaped in SelectMultipleField
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -577,7 +577,7 @@ class SelectMultipleField(SelectField): | |||||||
|             selected_html = '' |             selected_html = '' | ||||||
|             if str(value) in str_data_list: |             if str(value) in str_data_list: | ||||||
|                 selected_html = ' selected="selected"' |                 selected_html = ' selected="selected"' | ||||||
|             output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice)) |             output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice))) | ||||||
|         output.append('  </select>') |         output.append('  </select>') | ||||||
|         return '\n'.join(output) |         return '\n'.join(output) | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user