Fixed #1357 and #614 -- <select> formfields now escape values

git-svn-id: http://code.djangoproject.com/svn/django/trunk@2321 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #1357 and #614 -- <select> formfields now escape values
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2321 bcc190cf-cafb-0310-a4f2-bffc1f526a37
15f57d8c · Adrian Holovaty · af33a72f · 15f57d8c
Kaydet (Commit) 15f57d8c authored Şub 17, 2006 tarafından Adrian Holovaty
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

formfields.py django/core/formfields.py +1 -1

No files found.
--- a/django/core/formfields.py
+++ b/django/core/formfields.py
@@ -427,7 +427,7 @@ class SelectField(FormField):
            selected_html = ''
            if str(value) == str_data:
                selected_html = ' selected="selected"'
-            output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, display_name))
+            output.append('    <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(display_name)))
        output.append('  </select>')
        return '\n'.join(output)