escape labels

[freeside.git] / httemplate / elements / select.html

diff --git a/httemplate/elements/select.html b/httemplate/elements/select.html
index 42cd895..4460207 100644 (file)
--- a/httemplate/elements/select.html
+++ b/httemplate/elements/select.html
@@ -4,6 +4,7 @@
     field       => 'myfield', # NAME property
     curr_value  => 'foo',
     labels      => { # or 'option_labels'
+                     # note: these will be escaped for you, don't escape them
                      'AL' => 'Alabama',
                      'AK' => 'Alaska',
                      'AR' => 'Arkansas',
@@ -21,6 +22,7 @@
     disabled    => 0,
     onchange    => 'do_something()',
     js_only     => 0,         # disables the whole thing
+    element_etc => '',        # anything else to put in the <select> tag
 &>
 </%doc>
     
@@ -29,12 +31,13 @@
 <SELECT NAME          = "<% $opt{field} %>"
         ID            = "<% $opt{id} %>"
         previousValue = "<% $curr_value %>"
-        previousText  = "<% $labels->{$curr_value} || $curr_value %>"
+        previousText  = "<% $labels->{$curr_value} || $curr_value |h %>"
         <% $multiple %>
         <% $size %>
         <% $style %>
         <% $opt{disabled} %>
         <% $onchange %>
+        <% $opt{'element_etc'} %>
 >
 
 % if ( $opt{options} ) {
@@ -44,7 +47,7 @@
       <OPTION VALUE="<% $option %>"
               <% $opt{curr_value} eq $option ? 'SELECTED' : '' %>
       >
-        <% $labels->{$option} || $option %>
+        <% $labels->{$option} || $option |h %>
       </OPTION>
 
 %   }