From 158217c57e62660be76d17fb24ed6b4fde9291f9 Mon Sep 17 00:00:00 2001 From: Vincent Pelletier <vincent@nexedi.com> Date: Wed, 14 May 2008 05:15:57 +0000 Subject: [PATCH] Escape render_items items text (used in ListField, for example). git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20944 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Form/FormulatorPatch.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/product/ERP5Form/FormulatorPatch.py b/product/ERP5Form/FormulatorPatch.py index 6e36603177..7597e09578 100644 --- a/product/ERP5Form/FormulatorPatch.py +++ b/product/ERP5Form/FormulatorPatch.py @@ -611,14 +611,14 @@ def SingleItemsWidget_render_items(self, field, key, value, REQUEST): if item_value == value and not selected_found: - rendered_item = self.render_selected_item(item_text, + rendered_item = self.render_selected_item(escape(item_text), item_value, key, css_class, extra_item) selected_found = 1 else: - rendered_item = self.render_item(item_text, + rendered_item = self.render_item(escape(item_text), item_value, key, css_class, -- 2.30.9