From 158217c57e62660be76d17fb24ed6b4fde9291f9 Mon Sep 17 00:00:00 2001
From: Vincent Pelletier <vincent@nexedi.com>
Date: Wed, 14 May 2008 05:15:57 +0000
Subject: [PATCH] Escape render_items items text (used in ListField, for
 example).

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20944 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Form/FormulatorPatch.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/product/ERP5Form/FormulatorPatch.py b/product/ERP5Form/FormulatorPatch.py
index 6e36603177..7597e09578 100644
--- a/product/ERP5Form/FormulatorPatch.py
+++ b/product/ERP5Form/FormulatorPatch.py
@@ -611,14 +611,14 @@ def SingleItemsWidget_render_items(self, field, key, value, REQUEST):
 
 
       if item_value == value and not selected_found:
-          rendered_item = self.render_selected_item(item_text,
+          rendered_item = self.render_selected_item(escape(item_text),
                                                     item_value,
                                                     key,
                                                     css_class,
                                                     extra_item)
           selected_found = 1
       else:
-          rendered_item = self.render_item(item_text,
+          rendered_item = self.render_item(escape(item_text),
                                             item_value,
                                             key,
                                             css_class,
-- 
2.30.9