Ticket #2761: django.diff

File django.diff, 772 bytes (added by lambert@…, 9 years ago)

Patch to fix escaping

  • django/forms/__init__.py

    old new  
    639639                checked_html = ' checked="checked"'
    640640            field_name = '%s%s' % (self.field_name, value)
    641641            output.append('<li><input type="checkbox" id="%s" class="v%s" name="%s"%s /> <label for="%s">%s</label></li>' % \
    642                 (self.get_id() + value , self.__class__.__name__, field_name, checked_html,
    643                 self.get_id() + value, choice))
     642                (self.get_id() + escape(value), self.__class__.__name__, field_name, checked_html,
     643                self.get_id() + escape(value), choice))
    644644        output.append('</ul>')
    645645        return '\n'.join(output)
    646646
Back to Top