diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2016-09-25 12:43:31 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2016-09-25 12:43:31 -0700 |
| commit | 9cb2c2f0b06e33b6c4bceb693267f206ca23e895 (patch) | |
| tree | 335a5e9fbb9a3fe97bdffdd440ceb1d5670b7b4f | |
| parent | f12ab9c8ffc1e0f611f40990399983896459743c (diff) | |
escape labels
| -rw-r--r-- | httemplate/elements/select.html | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/httemplate/elements/select.html b/httemplate/elements/select.html index 3a0dc5b68..44602078a 100644 --- a/httemplate/elements/select.html +++ b/httemplate/elements/select.html @@ -4,6 +4,7 @@ field => 'myfield', # NAME property curr_value => 'foo', labels => { # or 'option_labels' + # note: these will be escaped for you, don't escape them 'AL' => 'Alabama', 'AK' => 'Alaska', 'AR' => 'Arkansas', @@ -30,7 +31,7 @@ <SELECT NAME = "<% $opt{field} %>" ID = "<% $opt{id} %>" previousValue = "<% $curr_value %>" - previousText = "<% $labels->{$curr_value} || $curr_value %>" + previousText = "<% $labels->{$curr_value} || $curr_value |h %>" <% $multiple %> <% $size %> <% $style %> @@ -46,7 +47,7 @@ <OPTION VALUE="<% $option %>" <% $opt{curr_value} eq $option ? 'SELECTED' : '' %> > - <% $labels->{$option} || $option %> + <% $labels->{$option} || $option |h %> </OPTION> % } |