mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	Fixed #2020 -- <option> values are now escaped in SelectMultipleField
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -577,7 +577,7 @@ class SelectMultipleField(SelectField): | ||||
|             selected_html = '' | ||||
|             if str(value) in str_data_list: | ||||
|                 selected_html = ' selected="selected"' | ||||
|             output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice)) | ||||
|             output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice))) | ||||
|         output.append('  </select>') | ||||
|         return '\n'.join(output) | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user