diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2016-09-25 12:43:30 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2016-09-25 12:43:30 -0700 |
| commit | 636bd62e61bba10718df2f048d44fb475964eb66 (patch) | |
| tree | e7c6333fdba424c0579a75ab4bf113b4705a74e2 /httemplate/elements | |
| parent | 0a5585fba67aaa55301fe585a75aae1106aea1e6 (diff) | |
escape labels
Diffstat (limited to 'httemplate/elements')
| -rw-r--r-- | httemplate/elements/select.html | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/httemplate/elements/select.html b/httemplate/elements/select.html index 3a0dc5b68..44602078a 100644 --- a/httemplate/elements/select.html +++ b/httemplate/elements/select.html @@ -4,6 +4,7 @@ field => 'myfield', # NAME property curr_value => 'foo', labels => { # or 'option_labels' + # note: these will be escaped for you, don't escape them 'AL' => 'Alabama', 'AK' => 'Alaska', 'AR' => 'Arkansas', @@ -30,7 +31,7 @@ <SELECT NAME = "<% $opt{field} %>" ID = "<% $opt{id} %>" previousValue = "<% $curr_value %>" - previousText = "<% $labels->{$curr_value} || $curr_value %>" + previousText = "<% $labels->{$curr_value} || $curr_value |h %>" <% $multiple %> <% $size %> <% $style %> @@ -46,7 +47,7 @@ <OPTION VALUE="<% $option %>" <% $opt{curr_value} eq $option ? 'SELECTED' : '' %> > - <% $labels->{$option} || $option %> + <% $labels->{$option} || $option |h %> </OPTION> % } |