[Jifty-commit] r4965 - in jifty/trunk: lib/Jifty/Web/Form/Field
Jifty commits
jifty-commit at lists.jifty.org
Wed Jan 30 10:05:24 EST 2008
Author: sterling
Date: Wed Jan 30 10:05:23 2008
New Revision: 4965
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm
Log:
r15048 at riddle: andrew | 2008-01-30 09:04:30 -0600
Fixed missing HTML escaping on option value attributes in select form fields.
Modified: jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm (original)
+++ jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm Wed Jan 30 10:05:23 2008
@@ -30,7 +30,7 @@
my $display = $opt->{'display'};
my $value = $opt->{'value'};
$value = "" unless defined $value;
- $field .= qq!<option value="$value"!;
+ $field .= qq!<option value="@{[ Jifty->web->escape($value) ]}"!;
$field .= qq! selected="selected"! if defined $self->current_value and $self->current_value eq $value;
$field .= qq!>!;
$field .= Jifty->web->escape(_($display)) if defined $display;
More information about the Jifty-commit
mailing list