Ticket #2125: escaping.diff

File escaping.diff, 838 bytes (added by andy@…, 18 years ago)

Added escape() to values and options in CheckboxMultipleSelect

  • django/forms/__init__.py

     
    637637                checked_html = ' checked="checked"'
    638638            field_name = '%s%s' % (self.field_name, value)
    639639            output.append('<li><input type="checkbox" id="%s" class="v%s" name="%s"%s /> <label for="%s">%s</label></li>' % \
    640                 (self.get_id() + value , self.__class__.__name__, field_name, checked_html,
    641                 self.get_id() + value, choice))
     640                (self.get_id() + escape(value) , self.__class__.__name__, escape(field_name), checked_html,
     641                self.get_id() + escape(value), escape(choice)))
    642642        output.append('</ul>')
    643643        return '\n'.join(output)
    644644
Back to Top