[Jifty-commit] r4965 - in jifty/trunk: lib/Jifty/Web/Form/Field

Jifty commits jifty-commit at lists.jifty.org
Wed Jan 30 10:05:24 EST 2008


Author: sterling
Date: Wed Jan 30 10:05:23 2008
New Revision: 4965

Modified:
   jifty/trunk/   (props changed)
   jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm

Log:
 r15048 at riddle:  andrew | 2008-01-30 09:04:30 -0600
 Fixed missing HTML escaping on option value attributes in select form fields.


Modified: jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm	(original)
+++ jifty/trunk/lib/Jifty/Web/Form/Field/Select.pm	Wed Jan 30 10:05:23 2008
@@ -30,7 +30,7 @@
         my $display = $opt->{'display'};
         my $value   = $opt->{'value'};
         $value = "" unless defined $value;
-        $field .= qq!<option value="$value"!;
+        $field .= qq!<option value="@{[ Jifty->web->escape($value) ]}"!;
         $field .= qq! selected="selected"!  if defined $self->current_value and $self->current_value eq $value;
         $field .= qq!>!;
         $field .= Jifty->web->escape(_($display)) if defined $display;


More information about the Jifty-commit mailing list