Changeset 3775

Timestamp:

09/21/06 08:35:34 (2 years ago)

Author:

mtredinnick

Message:

Fixed #2761 -- Apply escaping to values in form checkbox attributes.

Files:

• django/trunk/django/forms/__init__.py (modified) (1 diff)

django/trunk/django/forms/__init__.py

@@ -640 +640 @@
-            field_name = '%s%s' % (self.field_name, value)
-            output.append('<li><input type="checkbox" id="%s" class="v%s" name="%s"%s /> <label for="%s">%s</label></li>' % \
-value 
-value
+escape(value)
+escape(value)
-        output.append('</ul>')
-        return '\n'.join(output)