#2020 closed defect (fixed)
Choices are not escaped
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | Core (Other) | Version: | |
Severity: | normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Choices are not escaped correctly.
Here's a patch:
Index: forms/__init__.py =================================================================== --- forms/__init__.py (revision 2997) +++ forms/__init__.py (working copy) @@ -577,7 +577,7 @@ selected_html = '' if str(value) in str_data_list: selected_html = ' selected="selected"' - output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, choice)) + output.append(' <option value="%s"%s>%s</option>' % (escape(value), selected_html, escape(choice))) output.append(' </select>') return '\n'.join(output)
Change History (3)
comment:1 by , 19 years ago
comment:3 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Sorry, should have done a "Preview" first.