id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
2020	Choices are not escaped	tom@…	Adrian Holovaty	"Choices are not escaped correctly.

Here's a patch:

{{{
Index: forms/__init__.py
===================================================================
--- forms/__init__.py   (revision 2997)
+++ forms/__init__.py   (working copy)
@@ -577,7 +577,7 @@
             selected_html = ''
             if str(value) in str_data_list:
                 selected_html = ' selected=""selected""'
-            output.append('    <option value=""%s""%s>%s</option>' % (escape(value), selected_html, choice))
+            output.append('    <option value=""%s""%s>%s</option>' % (escape(value), selected_html, escape(choice)))
         output.append('  </select>')
         return '\n'.join(output)
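Review bot: the changed output.append line now passes the label through escape(choice), but the hunk comes with no test; add one that renders a select whose choice label contains <, > and & and asserts that the escaped form appears in the option body. Labels that callers had already HTML-escaped by hand will now be escaped twice (an existing &amp; is rendered as &amp;amp;), so this behaviour change should be noted in the docs. Only this one renderer is touched here; check whether other places in forms/__init__.py that emit a choice label need the same escape() call.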
}}}"	defect	closed	Core (Other)		normal	fixed			Unreviewed	0	0	0	0	0	0
